IBM Tivoli Storage Manager Client Multiple Vulnerabilities (swg21405562)
Critical Nessus Plugin ID 42824
SynopsisThe remote backup client is susceptible to multiple attacks.
DescriptionThe remote host is running an IBM Tivoli Storage Manager (TSM) client.
The version running on the remote host has one or more of the following vulnerabilities :
- A remote stack-based buffer overflow in the client acceptor daemon (CAD) scheduler could lead to the execution of arbitrary code. (CVE-2009-3853)
- A remote, stack-based buffer overflow in the traditional scheduler could lead to the execution of arbitrary code. (CVE-2009-3854)
- There is an unspecified, unauthorized access vulnerability in the Unix, Linux, and OS/400 API clients when specifying the MAILPROG option. This vulnerability reportedly allows a remote attacker to modify arbitrary files on the remote host. (CVE-2009-2855)
SolutionUpgrade to the relevant version of Tivoli Storage Manager client referenced in the vendor's advisory.