
Security Bulletin: Tivoli Storage Manager Stack-based Buffer Overflow Elevation of Privilege: CVE-2014-6184

2018-06-17 14:55:58
www.ibm.com

EPSS: 0.0004 (Low), Percentile: 5.1%

Summary

A vulnerability in the IBM Tivoli Storage Manager (TSM) client could allow a local user to gain elevated privileges due to a stack-based buffer overflow.

Vulnerability Details

CVEID: CVE-2014-6184
DESCRIPTION:
IBM Tivoli Storage Manager is vulnerable to a stack buffer overflow. A local attacker could overflow a buffer and execute arbitrary code on the system with root privileges.

CVSS Base Score: 7.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/98520> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Affected Products and Versions

  • TSM Client 6.3.0.0 through 6.3.2.2
  • TSM Client 6.2.0.0 through 6.2.5.3
  • TSM Client 6.1.0.0 through 6.1.5.6
  • TSM Client 5.5.0.0 through 5.5.4.3
  • TSM Client 5.4.0.0 through 5.4.3.6

Remediation/Fixes

TSM Release | First Fixing VRMF Level | Client Platform | APAR | Link to fix
---|---|---|---|---
6.3 | 6.3.2.3 | AIX, HP-UX, Linux, Solaris, Mac | IT05707 | <http://www.ibm.com/support/docview.wss?uid=swg24037930>
6.2 | 6.2.5.4 | AIX, HP-UX, Linux, Solaris, Mac | IT05707 | <http://www.ibm.com/support/docview.wss?uid=swg24036287>
6.1 | 6.1.5.7 | AIX, HP-UX, Linux, Solaris, Mac | IT05707 | Customers with support extensions on 6.1 should contact IBM Support.
5.5 | 5.5.4.4 | AIX, HP-UX, Linux, Solaris, Mac | IT05707 | Customers with support extensions on 5.5 should contact IBM Support.
5.4 | 5.4.3.7 | AIX, HP-UX, Linux, Solaris, Mac | IT05707 | Customers with support extensions on 5.4 should contact IBM Support.
6.3 B/A clients in 6.3 TSM for Space Management package | 6.3.2.3 | AIX, Linux x86 | IT05707 | <http://www.ibm.com/support/docview.wss?uid=swg24038153>
6.2 B/A clients in 6.2 TSM for Space Management package | 6.2.5.4 | AIX, Linux x86 | IT05707 | <http://www.ibm.com/support/docview.wss?uid=swg24036287>
6.1 B/A clients in 6.1 TSM for Space Management package | 6.1.5.7 | HP-UX, Solaris | IT05707 | <http://www.ibm.com/support/docview.wss?uid=swg24031758>
6.1 B/A clients in 6.1 TSM for Space Management package | none, beyond support | AIX, Linux x86 | | Upgrade to fixing level or apply workaround.
5.5 and lower B/A clients and 5.5 and lower TSM Space Management | none, beyond support | AIX, Linux x86, HP-UX, Solaris | | Upgrade to fixing level or apply workaround.

Workarounds and Mitigations

Remove the Trusted Communications Agent (TCA), module dsmtca, from the TSM client machine. This prevents all non-root users from running the TSM Client.
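The following is an added example, not part of IBM's bulletin: a triage helper that classifies a reported client level against the fixing levels listed above and checks whether the dsmtca workaround is in place. The function names and the install-directory parameter are assumptions, and the platform-specific Space Management rows ("none, beyond support") are not modeled.

```python
import os

# B/A client streams from the bulletin: (V, R) -> first fixing VRMF level.
# Every level in a listed stream below its fixing level is affected.
FIRST_FIXED = {
    (6, 3): (6, 3, 2, 3),
    (6, 2): (6, 2, 5, 4),
    (6, 1): (6, 1, 5, 7),
    (5, 5): (5, 5, 4, 4),
    (5, 4): (5, 4, 3, 7),
}

def parse_vrmf(text):
    """Parse 'V.R.M.F' into a tuple of four ints; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part VRMF level: {text!r}")
    return tuple(int(p) for p in parts)

def classify(version):
    """Return (status, first fixing level or None) for a client level."""
    v = parse_vrmf(version)
    fixed = FIRST_FIXED.get(v[:2])
    if fixed is None:
        return ("not-listed", None)  # stream not covered by the bulletin
    fix_text = ".".join(map(str, fixed))
    # Tuple comparison is numeric, so 6.2.5.10 sorts above 6.2.5.4.
    return ("affected" if v < fixed else "fixed", fix_text)

def dsmtca_present(install_dir):
    """True if a file named dsmtca exists under install_dir (assumed path)."""
    if not os.path.isdir(install_dir):
        raise FileNotFoundError(install_dir)  # never report "absent" for a bad path
    return any("dsmtca" in files for _r, _d, files in os.walk(install_dir))

def triage(version, install_dir):
    """Combine the version check with the bulletin's dsmtca workaround."""
    status, fix = classify(version)
    if status != "affected":
        return status
    if dsmtca_present(install_dir):
        return f"affected: upgrade to {fix} or remove dsmtca"
    return f"affected, workaround in place (dsmtca absent); fixing level {fix}"

if __name__ == "__main__":
    for level in ("6.3.2.2", "6.2.5.10", "6.4.0.0"):  # constructed sample levels
        print(level, classify(level))
```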
