IBM Tivoli Storage Manager Client Multiple Vulnerabilities (swg21268775)
Critical Nessus Plugin ID 26187
Synopsis
The remote backup client is susceptible to multiple attacks.
Description
The remote host is running an IBM Tivoli Storage Manager (TSM) client.
The version of the TSM client installed on the remote host reportedly contains a buffer overflow vulnerability in its Client Acceptor Daemon (CAD) service. Using an HTTP request with a long Host header, a remote attacker may be able to exploit this issue to crash the affected host or to execute arbitrary commands with administrative privileges.
In addition, the use of server-initiated prompted scheduling may also allow unauthorized access to the client's data under certain conditions.
Solution
Upgrade to Tivoli Storage Manager version 126.96.36.199 / 188.8.131.52 / 184.108.40.206 / 220.127.116.11 backup-archive client or the Tivoli Storage Manager Express 18.104.22.168 client.