IBM7F7FC1716CF14AADB435D43DDA5E33B0FAF7C91FA06A8FE73F5DC90388B707CDSecurity Bulletin: Stack-based Buffer Overflow vulnerabilities in IBM Spectrum Protect Back-up Archive Client and IBM Spectrum Protect for Space Management (CVE-2021-29672, CVE-2021-20546)
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.7%
Summary
IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Space Management are vulnerable to stack-based buffer overflows caused by improper bounds checking. UDPATED: 14 June 2021 - Added 7.1 fix. UPDATED: 25 June 2021 - Added 8.1.9.2 fix for Macintosh
Vulnerability Details
CVEID:CVE-2021-29672
**DESCRIPTION:**IBM Spectrum Protect client is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199479 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2021-20546
**DESCRIPTION:**IBM Spectrum Protect Client is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and cause the application to crash.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/198934 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Spectrum Protect Backup-Archive Client | 8.1.0.0-8.1.11.0 |
| 7.1.0.0-7.1.8.10 |
IBM Spectrum Protect for Space Management| 8.1.0.0-8.1.11.0
7.1.0.0-7.1.8.10
Remediation/Fixes
IBM Spectrum Protect
Backup-Archive Client Release|First Fixing
VRM Level|Platform|Link to Fix
—|—|—|—
8.1| 8.1.12| AIX
Linux
Macintosh
Solaris
Windows| <https://www.ibm.com/support/pages/node/6443671>
8.1
| 8.1.9.2*****
| Macintosh*****
| <https://www.ibm.com/support/pages/node/589103>
7.1
| 7.1.8.11
| AIX
HP-UX
Linux
Macintosh
Solaris
Windows| <https://www.ibm.com/support/pages/node/316619>
*****An 8.1.9.2 fix was provided for Macintosh because the Spectrum Protect Backup-Archive Client was stabilized at 8.1.9 for older Mac OS levels.
Refer to <https://www.ibm.com/support/pages/node/660995> for more information.
IBM Spectrum Protect for
Space Management Release|First Fixing
VRM Level|Platform|Link to Fix
—|—|—|—
8.1| 8.1.12| AIX
Linux| <https://www.ibm.com/support/pages/node/6416187>
7.1
| 7.1.8.11
| AIX
Linux
| <https://www.ibm.com/support/pages/node/316075>
Workarounds and Mitigations
None
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.7%