Aug 19, 2022 - 6:23 p.m.

Security Bulletin: IBM Tivoli Storage Manager FastBack Stack-Based Buffer Overflow Elevation of Privilege Vulnerability (CVE-2015-1897)

2022-08-19 18:23:31
www.ibm.com

CVSS2: 7.2 High

| Metric | Value |
|---|---|
| Attack Vector | LOCAL |
| Attack Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | COMPLETE |
| Integrity Impact | COMPLETE |
| Availability Impact | COMPLETE |

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.0004 Low (percentile 5.1%)

Summary

The IBM Tivoli Storage Manager FastBack mount process is vulnerable to a stack-based buffer overflow. A local or network attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash.

Vulnerability Details

CVEID: CVE-2015-1897

DESCRIPTION: IBM Tivoli Storage Manager is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the FastBackMount process. An attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the server to crash.

CVSS Base Score: 10

CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101632> for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Affected Products and Versions

IBM Tivoli Storage Manager FastBack Mount 6.1.11 and earlier.

Remediation/Fixes

| FastBack Release | First Fixing VRMF Level | Platform | APAR | Link to fix |
|---|---|---|---|---|
| 6.1 | 6.1.11.1 | Windows | None | http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Tivoli+Storage+Manager+FastBack&fixids=6.1.11.1-TIV-TSMFB-FP001&source=SAR |

Workarounds and Mitigations

None.

Affected configurations

Vulners node: ibm tivoli_storage_manager_fastback, matching any of the versions 6.1, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9
