IBM Tivoli Storage Manager Server 5.5.x Multiple Vulnerabilities

Low Nessus Plugin ID 77116

Synopsis

The remote backup service is affected by multiple vulnerabilities.

Description

The version of IBM Tivoli Storage Manager installed on the remote host is 5.5 running on Windows or AIX. It is, therefore, potentially affected by multiple flaws in its bundled SSL library:

- A flaw that could allow a remote attacker to cause a denial of service via a specially crafted 'ClientHello' message. (CVE-2012-2190).

- A flaw that could allow a remote attacker to cause a denial of service via a specially crafted value in the TLS Record Layer. (CVE-2012-2191).

- A flaw that could allow a remote attacker to perform a statistical timing attack known as 'Lucky Thirteen'. (CVE-2013-0169).

Solution

Upgrade to IBM Tivoli Storage Manager 6.2.6.0, 6.3.4.200 or later, or disable SSL.

See Also

http://www.nessus.org/u?7d4a4639

http://www.nessus.org/u?004af981

http://www.nessus.org/u?9986de60

http://www.nessus.org/u?c6ba80ec

http://www.nessus.org/u?8e222bc8

http://www.nessus.org/u?002f4534

Plugin Details

Severity: Low

ID: 77116

File Name: ibm_tsm_server_5_5_x.nasl

Version: 1.4

Type: remote

Family: General

Published: 2014/08/11

Updated: 2019/11/25

Dependencies: 25656

Risk Information

Risk Factor: Low

CVSS Score Source: CVE-2013-0169

CVSS v2.0

Base Score: 2.6

Temporal Score: 1.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_storage_manager

Required KB Items: installed_sw/IBM Tivoli Storage Manager

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2014/03/28

Vulnerability Publication Date: 2012/08/06

Reference Information

CVE: CVE-2012-2190, CVE-2012-2191, CVE-2013-0169

BID: 54743, 55185, 57778