SynopsisThe remote backup service is affected by multiple vulnerabilities.
DescriptionThe version of IBM Tivoli Storage Manager FastBack running on the remote host is 5.5.x or 6.1.x prior to 18.104.22.168. It is, therefore, affected by multiple vulnerabilities :
- Multiple buffer overflow conditions exist in server command processing due to improper bounds checking of user-supplied input. An unauthenticated, remote attacker can exploit these to cause a buffer overflow, resulting in a denial of service or the execution of arbitrary code with system privileges. (CVE-2015-8519, CVE-2015-8520, CVE-2015-8521, CVE-2015-8522)
- A denial of service vulnerability exists that allows an unauthenticated, remote attacker to shut down the service via a specially crafted TCP packet.
SolutionUpgrade to IBM Tivoli Storage Manager FastBack version 22.214.171.124 or later.