Aug 19, 2022 - 6:23 p.m.

Security Bulletin: IBM Tivoli Storage Manager FastBack Stack-Based Buffer Overflow Elevation of Privilege Vulnerability (CVE-2015-1896)

www.ibm.com

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.849
Percentile: 98.5%

Summary

The IBM Tivoli Storage Manager FastBack mount process is vulnerable to a stack-based buffer overflow. A local or network attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash.

Vulnerability Details

CVEID: CVE-2015-1896
DESCRIPTION: IBM Tivoli Storage Manager is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the FastBackMount process. An attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the server to crash.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101544> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Affected Products and Versions

IBM Tivoli Storage Manager FastBack Mount 6.1.11 and earlier

Remediation/Fixes

| FastBack Release | First Fixing VRMF Level | Platform | APAR | Link to fix |
|---|---|---|---|---|
| 6.1 | 6.1.11.1 | Windows | None | http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Tivoli+Storage+Manager+FastBack&fixids=6.1.11.1-TIV-TSMFB-FP001&source=SAR |

Workarounds and Mitigations

None.

Affected configurations

Vulners node: ibm tivoli_storage_manager_fastback matches 6.1 OR 6.1.1 OR 6.1.2 OR 6.1.3 OR 6.1.4 OR 6.1.5 OR 6.1.6 OR 6.1.7 OR 6.1.8 OR 6.1.9

| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | tivoli_storage_manager_fastback | 6.1 | cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_fastback | 6.1.1 | cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.1:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_fastback | 6.1.2 | cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.2:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_fastback | 6.1.3 | cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.3:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_fastback | 6.1.4 | cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.4:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_fastback | 6.1.5 | cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.5:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_fastback | 6.1.6 | cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.6:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_fastback | 6.1.7 | cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.7:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_fastback | 6.1.8 | cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.8:*:*:*:*:*:*:* |
| ibm | tivoli_storage_manager_fastback | 6.1.9 | cpe:2.3:a:ibm:tivoli_storage_manager_fastback:6.1.9:*:*:*:*:*:*:* |
