IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect for Virtual Environments is vulnerable to a denial of service caused by incorrect accumulation of TCP/IP sockets in a CLOSE_WAIT state.
UPDATED: 8/21/2019 - Corrected Affected Product Versions
CVEID: CVE-2018-1786 DESCRIPTION: IBM Spectrum Protect dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148871> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
This security exposure affects the following products and levels:
IBM Spectrum Protect (formerly Tivoli Storage Manager) Client levels:
- 8.1.2.0 through 8.1.6.0
- 7.1.8.0 through 7.1.8.3
IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage Manager for Virtual Environments): Data Protection for VMware levels:
- 8.1.2.0 through 8.1.6.0
- 7.1.8.0 through 7.1 8.3
IBM Spectrum Protect for Virtual Environments (formerly Tivoli Storage for Virtual Environments): Data Protection for Hyper-V levels:
- 8.1.2.0 through 8.1.6.0
- 7.1.8.0 through 7.1.8.0
IBM Spectrum Protect Client Release | First Fixing VRM Level | APAR | Platform | Link to Fix |
---|---|---|---|---|
8.1 | 8.1.6.1 | IT25837 | AIX | |
Linux | ||||
Macintosh | ||||
Solaris | ||||
Windows |
<http://www.ibm.com/support/docview.wss?uid=swg24043653>
7.1 | 7.1.8.4 | IT25837 | AIX
HP-UX
Linux
Macintosh
Solaris
Windows |
<http://www.ibm.com/support/docview.wss?uid=swg24044550>
.
Data Protection for VMware Release | First Fixing VRM Level | APAR | Platform | Link to Fix |
---|---|---|---|---|
8.1 | 8.1.6.1 | IT26344 | Linux | |
Windows |
<http://www.ibm.com/support/docview.wss?uid=ibm10739257>
7.1 | 7.1.8.4 | IT26344 | Linux
Windows |
Data Protection for VMware 7.1 customers can upgrade to Data Protection for VMware 7.1.8.4 or apply the above 7.1.8.4 client fix.
Data Protection for VMware 7.1.8.4 link:
[https://www.ibm.com/support/docview.wss?uid=swg24044553](<https://www.ibm.com/support/docview.wss?uid=swg24044553 >)
Client 7.1.8.4 link:
<http://www.ibm.com/support/docview.wss?uid=swg24044550>
.
Data Protectin for Hyper-V Release | First Fixing VRM Level | APAR | Platform | Link to Fix |
---|---|---|---|---|
8.1 | 8.1.6.1 | IT26345 | Windows | <http://www.ibm.com/support/docview.wss?uid=ibm10739263> |
7.1 | Windows |
Apply the above 7.1.8.4 client fix using the following link:
<http://www.ibm.com/support/docview.wss?uid=swg24044550>
.
None