IBM Tivoli Storage Manager Server 6.1.x Multiple Vulnerabilities

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote backup service is affected by multiple vulnerabilities.

Description :

The version of IBM Tivoli Storage Manager installed on the remote host
is 6.1 running on Windows or AIX. It is, therefore, potentially
affected by multiple flaws in its bundled SSL library:

- A flaw that could allow a remote attacker to cause a
denial of service via a specially crafted 'ClientHello'
message. (CVE-2012-2190).

- A flaw that could allow a remote attacker to cause a
denial of service via a specially crafted value in
the TLS Record Layer. (CVE-2012-2191).

- A flaw that could allow a remote attacker to perform a
statistical timing attack known as 'Lucky Thirteen'.
(CVE-2013-0169).

See also :

http://www.nessus.org/u?7d4a4639
http://www.nessus.org/u?004af981
http://www.nessus.org/u?9986de60
http://www.nessus.org/u?c6ba80ec
http://www.nessus.org/u?8e222bc8
http://www.nessus.org/u?002f4534

Solution :

Upgrade to IBM Tivoli Storage Manager 6.2.6.0, 6.3.4.200, or later.
Alternatively, disable SSL.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: General

Nessus Plugin ID: 77117

Bugtraq ID: 54743
55185
57778

CVE ID: CVE-2012-2190
CVE-2012-2191
CVE-2013-0169
