IBM Tivoli Storage Manager FastBack Mount 6.1.x < 6.1.11.1 Multiple Vulnerabilities

critical Nessus Plugin ID 83299

Synopsis

The remote backup service is affected by multiple vulnerabilities.

Description

The version of IBM Tivoli Storage Manager FastBack running on the remote host is 6.1.x prior to 6.1.11.1. It is, therefore, affected by multiple vulnerabilities :

- A flaw exists in the mount service due to improper validation of user-supplied input to the CRYPTO_S_EncryptBufferToBuffer() function. A remote, unauthenticated attacker can exploit this flaw, via a series of specially crafted packets, to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
(CVE-2015-0120)
- An overflow condition exists in the mount service due to improper bounds checking. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-1896)

- An overflow condition exists in the mount service due to improper bounds checking. A remote, unauthenticated attacker can exploit this to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-1898)

Solution

Upgrade to IBM Tivoli Storage Manager FastBack Mount 6.1.11.1 or later.

See Also

http://www.nessus.org/u?ba05015b

http://www.nessus.org/u?eeecc723

http://www.nessus.org/u?00d87e73

Plugin Details

Severity: Critical

ID: 83299

File Name: ibm_tsm_fastback_server_6_1_11_1.nasl

Version: 1.4

Type: remote

Family: General

Published: 5/8/2015

Updated: 7/12/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_storage_manager_fastback

Required KB Items: IBM Tivoli Storage Manager FastBack Server, Services/tsm-fastback

Exploit Ease: No known exploits are available

Patch Publication Date: 4/9/2015

Vulnerability Publication Date: 4/9/2015

Reference Information

CVE: CVE-2015-0120, CVE-2015-1896, CVE-2015-1898

BID: 74021, 74024, 74036