The Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled, allowing a local attacker to execute arbitrary code on the system or cause a system crash.
CVEID: CVE-2016-5985
DESCRIPTION: The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a system crash.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116555 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
The following levels of IBM Tivoli Storage Manager (IBM Spectrum Protect) Client are affected on the AIX platform:
Tivoli Storage Manager Client Release | First Fixing VRM Level | Platform | APAR | Link to Fix / Fix Availability Target
---|---|---|---|---
7.1 | 7.1.6.3 | AIX | IT16445 | http://www.ibm.com/support/docview.wss?uid=swg24042496
6.4 | 6.4.3.4 | AIX | IT16445 | http://www.ibm.com/support/docview.wss?uid=swg24041144
6.3 | 6.3.2.6 | AIX | IT16445 | http://www.ibm.com/support/docview.wss?uid=swg24037930
6.2, 6.1, and 5.5 | | AIX | | Obtain a fixed version of the file path driver using the instructions provided below. Please contact IBM support if you have any questions.
Obtain a fixed version of the file path driver (6.2, 6.1, and 5.5 clients only)
Use the following steps to obtain a fixed version of the file path driver, which includes the fix for this vulnerability:
None