IBM Tivoli Storage Manager FastBack Mount CMountDismount::GetVaultDump RCE
Critical Nessus Plugin ID 96143
Synopsis
A virtual mount application running on the remote host is affected by a remote code execution vulnerability.
Description
The IBM Tivoli Storage Manager (TSM) FastBack Mount application running on the remote host is affected by a remote code execution vulnerability in the FastBackServer.exe service due to improper validation of user-supplied input to the CMountDismount::GetVaultDump method. An unauthenticated, remote attacker can exploit this, by sending a crafted packet to TCP port 30051, to cause a stack-based buffer overflow, resulting in a denial of service condition or the execution of arbitrary code.
Note that the FastBack Mount application running on the remote host is reportedly affected by other vulnerabilities as well; however, Nessus has not tested for them.
Solution
Upgrade to IBM Tivoli Storage Manager FastBack version 18.104.22.168 or later.