IBM Tivoli Storage Manager FastBack 6.1.x < 6.1.12 Multiple Vulnerabilities

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote backup service is affected by multiple vulnerabilities.

Description :

The version of IBM Tivoli Storage Manager FastBack running on the
remote host is 6.1.x prior to 6.1.12. It is, therefore, affected by
multiple vulnerabilities :

- An overflow condition exists due to improper validation
of user-supplied input when handling opcode 1331. A
remote, unauthenticated attacker can exploit this issue
to cause a buffer overflow, resulting in a denial of
service condition or the execution of arbitrary code.
(CVE-2015-1923)

- An overflow condition exists due to improper validation
of user-supplied input when handling opcode 1329. A
remote, unauthenticated attacker can exploit this issue
to cause a stack-based buffer overflow, resulting in a
denial of service condition or the execution of
arbitrary code. (CVE-2015-1924)

- An overflow condition exists due to improper validation
of user-supplied input when handling opcode 1332. A
remote, unauthenticated attacker can exploit this issue
to cause an overflow, resulting in a denial of service
condition or the execution of arbitrary code.
(CVE-2015-1925)

- A buffer overflow condition exists in the
FXCLI_OraBR_Exec_Command() function due to improper
validation of user-supplied input. A remote,
unauthenticated attacker can exploit this issue, via a
specially crafted packet, to cause a stack-based buffer
overflow, resulting in a denial of service or the
execution of arbitrary code. (CVE-2015-1929)

- A buffer overflow condition exists in the
JOB_S_GetJobByUserFriendlyString() function due to
improper validation of user-supplied input. A remote,
unauthenticated attacker can exploit this issue, via a
specially crafted packet, to cause a stack-based buffer
overflow, resulting in a denial of service or the
execution of arbitrary code. (CVE-2015-1930)

- An overflow condition exists due to improper validation
of user-supplied input when handling opcode 1331. A
remote, unauthenticated attacker can exploit this issue,
via a specially crafted packet, to execute arbitrary
commands with a system call. (CVE-2015-1938)

- An unspecified flaw exists in the handling of opcode
1329. A remote, unauthenticated attacker can exploit
this issue to gain access to arbitrary files.
(CVE-2015-1941)

- An unspecified flaw exists in the handling of opcode
1332. A remote, unauthenticated attacker can exploit
this issue to write or execute arbitrary files.
(CVE-2015-1942)

- An overflow condition exists due to improper validation
of user-supplied input when handling opcode 1364. A
remote, unauthenticated attacker can exploit this
issue, via a specially crafted packet, to cause a
stack-based buffer overflow, resulting in a denial of
service condition or the execution of arbitrary code.
(CVE-2015-1948)

- An unspecified flaw exists that is triggered during the
handling of opcode 1330. A remote, unauthenticated
attacker can exploit this issue, via a specially crafted
packet, to execute arbitrary commands with a system
call. (CVE-2015-1949)

- A format string flaw exists in the vsprintf() function
due to improper sanitization of user-supplied format
string specifiers when processing opcode 1335. A remote,
unauthenticated attacker can exploit this issue, via a
specially crafted packet, to cause a denial of service
condition or the execution of arbitrary code.
(CVE-2015-1953)

- An overflow condition exists due to improper validation
of user-supplied input. A remote, unauthenticated
attacker can exploit this issue to cause a stack-based
buffer overflow, resulting in a denial of service
condition or the execution of arbitrary code.
(CVE-2015-1954)

- An overflow condition exists due to improper validation
of user-supplied input. A remote, unauthenticated
attacker can exploit this issue to cause a stack-based
buffer overflow, resulting in a denial of service
condition or the execution of arbitrary code.
(CVE-2015-1962)

- An overflow condition exists due to improper validation
of user-supplied input. A remote, unauthenticated
attacker can exploit this issue to cause a stack-based
buffer overflow, resulting in a denial of service
condition or the execution of arbitrary code.
(CVE-2015-1963)

- An overflow condition exists due to improper validation
of user-supplied input. A remote, unauthenticated
attacker can exploit this issue to cause a stack-based
buffer overflow, resulting in a denial of service
condition or the execution of arbitrary code.
(CVE-2015-1964)

- An overflow condition exists due to improper validation
of user-supplied input. A remote, unauthenticated
attacker can exploit this issue to cause a stack-based
buffer overflow, resulting in a denial of service
condition or the execution of arbitrary code.
(CVE-2015-1965)

- A format string flaw exists in the vsprintf() function
due to improper sanitization of user-supplied format
string specifiers when processing opcode 1301. A remote,
unauthenticated attacker can exploit this issue, via a
specially crafted packet, to cause a denial of service
condition or the execution of arbitrary code.
(CVE-2015-1986)

- Multiple stack-based buffer overflow conditions exist
due to improper bounds checking. A remote attacker can
exploit these, via a crafted packet, to crash the server
or execute arbitrary code with SYSTEM privileges.
(CVE-2016-0212, CVE-2016-0213, CVE-2016-0216)

See also :

http://www.nessus.org/u?bc221f52
http://www.nessus.org/u?5833512d

Solution :

Upgrade to IBM Tivoli Storage Manager FastBack version 6.1.12 or
later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true