IBM Tivoli Storage Manager FastBack Server Opcode 1329 Information Disclosure

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

A remote backup service is affected by an information disclosure
vulnerability.

Description :

The IBM Tivoli Storage Manager FastBack Server running on the remote
host is affected by an information disclosure vulnerability due to
improper processing of opcode 1329. An unauthenticated, remote
attacker can exploit this, by sending a crafted packet to TCP port
11460, to read the contents of arbitrary files.

Note that the FastBack Server running on the remote host is reportedly
affected by other vulnerabilities as well; however, this plugin has
not tested for them.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-15-268/
http://www.nessus.org/u?bc221f52

Solution :

Upgrade to IBM Tivoli Storage Manager FastBack version 6.1.12 or
later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: General

Nessus Plugin ID: 91502

Bugtraq ID: 75446

CVE ID: CVE-2015-1941
