Security Bulletin: IBM Tivoli Storage Manager FastBack affected by Stack-Based Buffer Overflow Elevation of Privilege Vulnerability - CORRECTION

Summary

The IBM Tivoli Storage Manager FastBack mount process is vulnerable to a stack-based buffer overflow. A local or remote attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the application to crash. On November 21, 2016 this vulnerability was incorrectly reported as CVE-2016-6091. The correct CVE IDs for these vulnerabilities are CVE-2015-1897 and CVE-2015-0119.

Vulnerability Details

Please consult the security bulletins IBM Tivoli Storage Manager FastBack Stack-Based Buffer Overflow Elevation of Privilege Vulnerability (CVE-2015-1897)_ and IBM Tivoli Storage Manager FastBack Mount Remote Code Execution Vulnerability (CVE-2015-0119) _for vulnerability details and information about fixes.

Affected Products and Versions

IBM Tivoli Storage Manager FastBack Mount 6.1.11 and earlier.

Remediation/Fixes

Please consult the security bulletins IBM Tivoli Storage Manager FastBack Stack-Based Buffer Overflow Elevation of Privilege Vulnerability (CVE-2015-1897)_ and IBM Tivoli Storage Manager FastBack Mount Remote Code Execution Vulnerability (CVE-2015-0119) _for information on applying the appropriate fixes.

Workarounds and Mitigations

None