IBM Tivoli Storage Manager Server 6.1.x Multiple Vulnerabilities
Medium Nessus Plugin ID 77117
Synopsis
The remote backup service is affected by multiple vulnerabilities.
Description
The version of IBM Tivoli Storage Manager installed on the remote host is 6.1 running on Windows or AIX. It is, therefore, potentially affected by multiple flaws in its bundled SSL library:
- A flaw that could allow a remote attacker to cause a denial of service via a specially crafted 'ClientHello' message. (CVE-2012-2190)
- A flaw that could allow a remote attacker to cause a denial of service via a specially crafted value in the TLS Record Layer. (CVE-2012-2191)
- A flaw that could allow a remote attacker to perform a statistical timing attack known as 'Lucky Thirteen'.
Solution
Upgrade to IBM Tivoli Storage Manager 188.8.131.52, 184.108.40.206 or later, or disable SSL.