IBM Tivoli Storage Manager FastBack 5.5.x / 6.1.x < 6.1.12.2 Multiple Vulnerabilities

Critical Nessus Plugin ID 89788

Synopsis

The remote backup service is affected by multiple vulnerabilities.

Description

The version of IBM Tivoli Storage Manager FastBack running on the remote host is 5.5.x or 6.1.x prior to 6.1.12.2. It is, therefore, affected by multiple vulnerabilities :

- Multiple buffer overflow conditions exist in server command processing due to improper bounds checking of user-supplied input. An unauthenticated, remote attacker can exploit these to cause a buffer overflow, resulting in a denial of service or the execution of arbitrary code with system privileges. (CVE-2015-8519, CVE-2015-8520, CVE-2015-8521, CVE-2015-8522)

- A denial of service vulnerability exists that allows an unauthenticated, remote attacker to shut down the service via a specially crafted TCP packet.
(CVE-2015-8523)

Solution

Upgrade to IBM Tivoli Storage Manager FastBack version 6.1.12.2 or later.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21975536

Plugin Details

Severity: Critical

ID: 89788

File Name: ibm_tsm_fastback_server_6_1_12_2.nasl

Version: 1.5

Type: remote

Family: General

Published: 2016/03/09

Modified: 2018/07/12

Dependencies: 83300, 11936

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_storage_manager_fastback

Required KB Items: IBM Tivoli Storage Manager FastBack Server, Services/tsm-fastback

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2016/03/01

Vulnerability Publication Date: 2016/03/01

Reference Information

CVE: CVE-2015-8519, CVE-2015-8520, CVE-2015-8521, CVE-2015-8522, CVE-2015-8523

BID: 84161, 84163, 84164, 84166, 84167

IAVB: 2016-B-0045