Security Bulletin: IBM Tivoli Storage Manager FastBack Server Opcode 1364 Stack Buffer Overflow Remote Code Execution Vulnerability (CVE-2015-1948)

Summary

The IBM Tivoli Storage Manager FastBack Server is vulnerable to a stack-based buffer overflow. An attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash.

Vulnerability Details

CVEID: CVE-2015-1948**
DESCRIPTION:** IBM Tivoli Storage Manager FastBack Server is vulnerable to a stack based buffer overflow, which would allow a remote attacker to cause the server to crash.
CVSS Base Score: 7.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103205&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Affected Products and Versions

IBM Tivoli Storage Manager FastBack Server 6.1.11.1 and earlier.

Remediation/Fixes

_FastBack Release _

| First FixingVRMF Level| Platfom| APAR| Link to fix
—|—|—|—|—
6.1 | 6.1.12| Windows| None| <http://www-933.ibm.com/support/fixcentral/swg/selectFix?product=ibm%2FTivoli%2FIBM+Tivoli+Storage+Manager+FastBack&gt;

Workarounds and Mitigations

None