ID CVE-2015-4932 Type cve Reporter cve@mitre.org Modified 2016-12-22T02:59:00
Description
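Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4933, CVE-2015-4934, and CVE-2015-4935. According to the ZDI-15-373 advisory in the record below, the overflow occurs while the server processes opcode 1365 for a Files Restore Agents list, is reachable without authentication on TCP port 11460, and leads to code execution in the SYSTEM context; the remedy is to upgrade to 6.1.12.1 or later. The Nessus plugin in the same record only compares the detected version against 6.1.12.1 and exits without reporting when the host's operating system is not identified as Windows, so the absence of a finding does not by itself confirm that a server is patched.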
{"zdi": [{"lastseen": "2020-06-22T11:40:58", "bulletinFamily": "info", "cvelist": ["CVE-2015-4932"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of opcode 1365. By sending a crafted packet on TCP port 11460, an attacker is able to cause a stack buffer overflow when handling a Files Restore Agents list. An attacker can use this to execute arbitrary code under the context of SYSTEM.", "modified": "2015-06-22T00:00:00", "published": "2015-07-30T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-15-373/", "id": "ZDI-15-373", "title": "IBM Tivoli Storage Manager FastBack Server Opcode 1365 Files Restore Agents Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T03:16:21", "description": "The version of IBM Tivoli Storage Manager FastBack running on the\nremote host is 6.1.x prior to 6.1.12.1. It is, therefore, affected by\nmultiple stack-based buffer overflow conditions that can be exploited\nby a remote attacker, using specially crafted packets, to cause a\ndenial of service or possibly execute arbitrary code in the SYSTEM\ncontext :\n\n - User-supplied input is not properly validated when\n handling opcode 4115, resulting in a buffer overflow.\n (CVE-2015-4931)\n\n - User-supplied input is not properly validated when\n handling opcode 1365 in a Files Restore Agents list,\n resulting in a buffer overflow. (CVE-2015-4932)\n\n - User-supplied input is not properly validated when\n handling opcode 1365 in a Volume Restore Agents list,\n resulting in a buffer overflow. 
(CVE-2015-4933)\n\n - User-supplied input is not properly validated when\n handling opcode 8192, resulting in a buffer overflow.\n (CVE-2015-4934)\n\n - User-supplied input is not properly validated when\n handling opcode 4755, resulting in a buffer overflow.\n (CVE-2015-4935)", "edition": 24, "published": "2015-08-06T00:00:00", "title": "IBM Tivoli Storage Manager FastBack 6.1.x < 6.1.12.1 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4935", "CVE-2015-4932", "CVE-2015-4931", "CVE-2015-4933", "CVE-2015-4934"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:ibm:tivoli_storage_manager_fastback"], "id": "IBM_TSM_FASTBACK_SERVER_6_1_12_1.NASL", "href": "https://www.tenable.com/plugins/nessus/85254", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85254);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/15 20:50:22\");\n\n script_cve_id(\n \"CVE-2015-4931\",\n \"CVE-2015-4932\",\n \"CVE-2015-4933\",\n \"CVE-2015-4934\",\n \"CVE-2015-4935\"\n );\n\n script_name(english:\"IBM Tivoli Storage Manager FastBack 6.1.x < 6.1.12.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of IBM TSM.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote backup service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM Tivoli Storage Manager FastBack running on the\nremote host is 6.1.x prior to 6.1.12.1. 
It is, therefore, affected by\nmultiple stack-based buffer overflow conditions that can be exploited\nby a remote attacker, using specially crafted packets, to cause a\ndenial of service or possibly execute arbitrary code in the SYSTEM\ncontext :\n\n - User-supplied input is not properly validated when\n handling opcode 4115, resulting in a buffer overflow.\n (CVE-2015-4931)\n\n - User-supplied input is not properly validated when\n handling opcode 1365 in a Files Restore Agents list,\n resulting in a buffer overflow. (CVE-2015-4932)\n\n - User-supplied input is not properly validated when\n handling opcode 1365 in a Volume Restore Agents list,\n resulting in a buffer overflow. (CVE-2015-4933)\n\n - User-supplied input is not properly validated when\n handling opcode 8192, resulting in a buffer overflow.\n (CVE-2015-4934)\n\n - User-supplied input is not properly validated when\n handling opcode 4755, resulting in a buffer overflow.\n (CVE-2015-4935)\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg21961928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-15-375/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-15-373/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-15-374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-15-376/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-15-372/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to IBM Tivoli Storage Manager FastBack version 6.1.12.1 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", 
value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:tivoli_storage_manager_fastback\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"General\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ibm_tsm_fastback_detect.nbin\", \"os_fingerprint.nasl\");\n script_require_keys(\"IBM Tivoli Storage Manager FastBack Server\", \"Services/tsm-fastback\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"audit.inc\");\n\nport = get_service(svc:\"tsm-fastback\", default:11460, ipproto:\"tcp\", exit_on_fail:TRUE);\napp_name = \"IBM Tivoli Storage Manager FastBack Server\";\n\nversion = get_kb_item_or_exit(app_name + \"/\" + port + \"/version\");\n\nos = get_kb_item(\"Host/OS\");\n\n# We only care about 6.1 specifically.\nif(version !~ \"^6\\.1(\\.|$)\") audit(AUDIT_NOT_LISTEN, app_name +\" 6.1\", port);\n\n# If we can't determine the OS and we don't have paranoia on we do not continue\n# this is probably a version so old it does not matter for these checks anyway\nif(isnull(os) && report_paranoia < 2) exit(1,\"Cannot determine the operating system type.\");\n\n# Only Windows targets are affected.\nif(\"Windows\" >!< os) audit(AUDIT_OS_NOT, 'Windows');\n\n# Check for fixed version\nfix = \"6.1.12.1\";\nif(ver_compare(ver:version,fix:fix,strict:FALSE) < 0)\n{\n if(report_verbosity > 0)\n {\n report =\n '\\n Product : ' + app_name +\n '\\n Port : ' + port +\n '\\n 
Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:port,extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, app_name, port);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}