IBM Tivoli Storage Manager FastBack 5.5.x Multiple Vulnerabilities

Nessus Plugin ID 89691 (Critical)

Synopsis

The remote backup service is affected by multiple vulnerabilities.

Description

The version of IBM Tivoli Storage Manager FastBack running on the remote host is 5.5.x. It is, therefore, affected by multiple stack-based buffer overflow conditions due to improper bounds checking. A remote attacker can exploit these, via a crafted packet, to crash the server or execute arbitrary code with SYSTEM privileges.

Solution

Upgrade to IBM Tivoli Storage Manager FastBack version 6.1.12 or later.

See Also

http://www.nessus.org/u?5833512d

Plugin Details

Severity: Critical

ID: 89691

File Name: ibm_tsm_fastback_server_5_5.nasl

Version: 1.5

Type: remote

Family: General

Published: 3/4/2016

Updated: 11/20/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2016-0216

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_storage_manager_fastback

Required KB Items: IBM Tivoli Storage Manager FastBack Server, Services/tsm-fastback

Exploit Ease: No known exploits are available

Patch Publication Date: 2/15/2016

Vulnerability Publication Date: 2/15/2016

Reference Information

CVE: CVE-2016-0212, CVE-2016-0213, CVE-2016-0216

BID: 83278, 83280, 83281