IBM Tivoli Storage Manager FastBack 6.1.x < 6.1.12 Multiple Vulnerabilities

Critical Nessus Plugin ID 84585

Synopsis

The remote backup service is affected by multiple vulnerabilities.

Description

The version of IBM Tivoli Storage Manager FastBack running on the remote host is 6.1.x prior to 6.1.12. It is, therefore, affected by multiple vulnerabilities :

- An overflow condition exists due to improper validation of user-supplied input when handling opcode 1331. A remote, unauthenticated attacker can exploit this issue to cause a buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
(CVE-2015-1923)

- An overflow condition exists due to improper validation of user-supplied input when handling opcode 1329. A remote, unauthenticated attacker can exploit this issue to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code. (CVE-2015-1924)

- An overflow condition exists due to improper validation of user-supplied input when handling opcode 1332. A remote, unauthenticated attacker can exploit this issue to cause an overflow, resulting in a denial of service condition or the execution of arbitrary code.
(CVE-2015-1925)

- A buffer overflow condition exists in the FXCLI_OraBR_Exec_Command() function due to improper validation of user-supplied input. A remote, unauthenticated attacker can exploit this issue, via a specially crafted packet, to cause a stack-based buffer overflow, resulting in a denial of service or the execution of arbitrary code. (CVE-2015-1929)

- A buffer overflow condition exists in the JOB_S_GetJobByUserFriendlyString() function due to improper validation of user-supplied input. A remote, unauthenticated attacker can exploit this issue, via a specially crafted packet, to cause a stack-based buffer overflow, resulting in a denial of service or the execution of arbitrary code. (CVE-2015-1930)

- An overflow condition exists due to improper validation of user-supplied input when handling opcode 1331. A remote, unauthenticated attacker can exploit this issue, via a specially crafted packet, to execute arbitrary commands with a system call. (CVE-2015-1938)

- An unspecified flaw exists that occurs during the handling of opcode 1329. A remote, unauthenticated attacker can exploit this issue to gain access to arbitrary files. (CVE-2015-1941)

- An unspecified flaw exists that occurs during the handling of opcode 1332. A remote, unauthenticated attacker can exploit this issue to write or execute arbitrary files. (CVE-2015-1942)

- An overflow condition exists due to improper validation of user-supplied input when handling opcode 1364. A remote, unauthenticated attacker can exploit this issue, via a specially crafted packet, to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
(CVE-2015-1948)

- An unspecified flaw exists that is triggered during the handling of opcode 1330. A remote, unauthenticated attacker can exploit this issue, via specially crafted packet, to execute arbitrary commands with a system call. (CVE-2015-1949)

- A format string flaw exists in the vsprintf() function due to improper sanitization of user-supplied format string specifiers when processing opcode 1335. A remote, unauthenticated attacker can exploit this issue, via a specially crafted packet, to cause a denial of service condition or the execution of arbitrary code.
(CVE-2015-1953)

- An overflow condition exists due to improper validation of user-supplied input. A remote, unauthenticated attacker can exploit this issue to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
(CVE-2015-1954)

- An overflow condition exists due to improper validation of user-supplied input. A remote, unauthenticated attacker can exploit this issue to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
(CVE-2015-1962)

- An overflow condition exists due to improper validation of user-supplied input. A remote, unauthenticated attacker can exploit this issue to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
(CVE-2015-1963)

- An overflow condition exists due to improper validation of user-supplied input. A remote, unauthenticated attacker can exploit this issue to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
(CVE-2015-1964)

- An overflow condition exists due to improper validation of user-supplied input. A remote, unauthenticated attacker can exploit this issue to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
(CVE-2015-1965)

- A format string flaw exists in the vsprintf() function due to improper sanitization of user-supplied format string specifiers when processing opcode 1301. A remote, unauthenticated attacker can exploit this issue, via a specially crafted packet, to cause a denial of service condition or the execution of arbitrary code.
(CVE-2015-1986)

- Multiple stack-based buffer overflow conditions exist due to improper bounds checking. A remote attacker can exploit these, via a crafted packet, to crash the server or execute arbitrary code with SYSTEM privileges.
(CVE-2016-0212, CVE-2016-0213, CVE-2016-0216)

Solution

Upgrade to IBM Tivoli Storage Manager FastBack version 6.1.12 or later.

See Also

http://www.nessus.org/u?bc221f52

http://www.nessus.org/u?5833512d

Plugin Details

Severity: Critical

ID: 84585

File Name: ibm_tsm_fastback_server_6_1_12.nasl

Version: 1.8

Type: remote

Family: General

Published: 2015/07/07

Modified: 2018/07/12

Dependencies: 83300, 11936

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_storage_manager_fastback

Required KB Items: IBM Tivoli Storage Manager FastBack Server, Services/tsm-fastback

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/07/02

Vulnerability Publication Date: 2015/05/18

Exploitable With

Core Impact

Reference Information

CVE: CVE-2015-1923, CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1938, CVE-2015-1941, CVE-2015-1942, CVE-2015-1948, CVE-2015-1949, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, CVE-2015-1965, CVE-2015-1986, CVE-2016-0212, CVE-2016-0213, CVE-2016-0216

BID: 75444, 75445, 75446, 75447, 75448, 75449, 75450, 75451, 75452, 75453, 75454, 75455, 75456, 75457, 75458, 75459, 75461, 83278, 83280, 83281