Security Bulletin: Confidential data exposure when restoring Microsoft Exchange mailboxes which have the same alias defined CVE-2015-4950

2018-06-17 15:07:33
www.ibm.com

EPSS: 0.001 (Low), Percentile: 46.3%

Summary

In environments with duplicated mailbox aliases, FlashCopy Manager for Microsoft Exchange, Data Protection for Microsoft Exchange, and FastBack for Microsoft Exchange may open and restore the wrong mailbox.

Vulnerability Details

CVEID: CVE-2015-4950
DESCRIPTION: IBM Tivoli Storage FlashCopy Manager, Tivoli Storage Manager for Mail, and Tivoli Storage Manager FastBack for Microsoft Exchange could allow a local user with elevated privileges to obtain sensitive information by manipulating mailbox names that share the same alias.

For example:

Mailbox Display Name | Alias
---------------------|------
mailbox1             | sales
mailbox2             | sales

When two mailboxes have the same alias, users may encounter the following problems when using affected software:

  • the Mailbox Restore Browser interface may populate mailboxes with the folders and messages from a different mailbox than the one intended
  • restoring a mailbox via the CLI interface, using the alias instead of the mailbox display name, may restore a different mailbox than the one intended
  • the mailbox history may not correctly represent the mailboxes that share the same alias

In the case of Tivoli Storage Manager FastBack for Microsoft Exchange, the software may also open the wrong mailbox when using the “Open Mailbox” function. Subsequently, folders and messages could be restored to that incorrect mailbox.

CVSS Base Score: 4.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104954 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Tivoli Storage FlashCopy Manager for Microsoft Exchange Server 2.1, 2.2, 3.1, 3.2, and 4.1
Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1, 6.3, 6.4, and 7.1
Tivoli Storage Manager Fastback for Microsoft Exchange 6.1

Remediation/Fixes

Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server

Affected V.R | Fixing VRMF | APAR | Remediation/First Fix
4.1 | 4.1.1 | IT04251 | Note that 4.1.1 is no longer available for download. You can download 4.1.4 or higher to obtain the fix: ftp://public.dhe.ibm.com/storage/tivoli-storage-flashcopymanager/maintenance/v4r1/windows/v414/
3.2 | 3.2.1.7 | IT04251 | Note that 3.2.1.7 is no longer available for download. You can download 3.2.1.9 to obtain the fix: ftp://public.dhe.ibm.com/storage/tivoli-storage-flashcopymanager/patches/v3r2/windows/v321/ However, this product bundles Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange 6.4.x as the FlashCopy Manager for Microsoft Exchange 3.2.x component. Therefore, you may install and use the 6.4.1.4 fix from the table below to resolve this vulnerability for the FlashCopy Manager for Microsoft Exchange software.
3.1 | None | IT04251 | This product bundles Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange 6.3.x as the FlashCopy Manager for Microsoft Exchange 3.1.x component. Therefore, you may install and use the 6.3.1.3 fix from the table below to resolve this vulnerability for the FlashCopy Manager for Microsoft Exchange software.
2.2 | None | IT04251 | This product bundles Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange 6.1.x as the FlashCopy Manager for Microsoft Exchange 2.2.x component. Therefore, you may install and use the 6.1.3.6 fix from the table below to resolve this vulnerability for the FlashCopy Manager for Microsoft Exchange software.
2.1 | None | IT04251 | This release of the product is end of support and is not eligible for support extensions. Therefore, no fix is planned. IBM recommends upgrading to a fixed, supported version/release/platform of the product. However, this product bundles Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange 6.1.x as the FlashCopy Manager for Microsoft Exchange 2.1.x component. Therefore, you may install and use the 6.1.3.6 fix from the table below to resolve this vulnerability for the FlashCopy Manager for Microsoft Exchange software.

Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server

Affected V.R | Fixing VRMF | APAR | Remediation/First Fix
7.1 | 7.1.0.2 | IT04251 | Download packages for Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1.0 interim fix packages (7.1.0.x) and READMEs have been removed from the web as they contain unremediated security vulnerabilities. The latest version of 7.1 (7.1.6) contains fixes for the most recent known security and product issues, and can be found using this link: http://www.ibm.com/support/docview.wss?uid=swg24042166 If you have any questions, please contact IBM support.
6.4 | 6.4.1.4 | IT04251 | Note that 6.4.1.4 is no longer available for download. You can download 6.4.1.9 to obtain the fix: ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/tivoli-data-protection/ntexch/v641/windows/
6.3 | 6.3.1.3 | IT04251 | Note that 6.3.1.3 is no longer available for download. You can download 6.3.1.6 to obtain the fix: ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/tivoli-data-protection/ntexch/v631/windows/
6.1 | 6.1.3.6 | IT04251 | ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/tivoli-data-protection/ntexch/v613/x64/

Tivoli Storage Manager FastBack for Microsoft Exchange

Affected V.R | Fixing VRMF | APAR | Remediation/First Fix
6.1 | 6.1.5.4 | IT04252 | http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/IBM+Tivoli+Storage+Manager+FastBack+for+Microsoft+Exchange&release=6.1.5.3&platform=Windows&function=all

Workarounds and Mitigations

For the products:
- Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange
- Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange

two workarounds exist for this problem:

  1. Use the CLI to restore the mailbox by specifying the mailbox GUID or display name instead of the alias.
  2. Use the Microsoft Exchange Management Console or PowerShell commands to rename the duplicated mailbox alias to a unique value.

For the product:
- Tivoli Storage Manager FastBack for Microsoft Exchange

three workarounds exist for this problem:
1) Open a PST file and restore messages to the PST file. Then, import the PST file contents into the mailbox.
2) Restore messages using the “SMTP Restore” option.
3) Use the Microsoft Exchange Management Console or PowerShell commands to rename the duplicated mailbox alias to a unique value.
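A check an administrator can run before relying on alias-based restores, as an added example that is not part of the IBM bulletin: it lists every alias shared by more than one mailbox together with the mailbox GUIDs that the CLI workaround recommends in place of the alias, and with -Fix applies the rename workaround by giving each duplicate a unique alias. It assumes an Exchange Management Shell session (Get-Mailbox / Set-Mailbox); the suffix naming scheme for new aliases is an assumption.

```powershell
# Added example, not from the IBM bulletin. Detects mailboxes sharing an alias
# (the condition behind CVE-2015-4950) and optionally makes the aliases unique.
param(
    [switch]$Fix   # without -Fix the script only reports; nothing is changed
)

$mailboxes = Get-Mailbox -ResultSize Unlimited
# All aliases currently in use, so that a renamed alias cannot collide again.
$inUse = @{}
foreach ($m in $mailboxes) { $inUse[$m.Alias.ToLower()] = $true }

# Alias comparison is case-insensitive, matching Exchange's own behaviour.
$dupes = $mailboxes | Group-Object -Property Alias | Where-Object { $_.Count -gt 1 }

if (-not $dupes) {
    Write-Host "No duplicated mailbox aliases found."
    return
}

foreach ($group in $dupes) {
    Write-Host "Alias '$($group.Name)' is shared by $($group.Count) mailboxes:"
    foreach ($mbx in $group.Group) {
        # The GUID is the unambiguous handle to use for CLI restores.
        Write-Host ("  {0,-30} GUID={1}" -f $mbx.DisplayName, $mbx.ExchangeGuid)
    }

    if ($Fix) {
        # Keep the first mailbox's alias; give the rest a numeric suffix
        # (assumed naming scheme, adjust to local policy).
        $i = 1
        foreach ($mbx in ($group.Group | Select-Object -Skip 1)) {
            do {
                $newAlias = "{0}{1}" -f $group.Name, $i
                $i++
            } while ($inUse.ContainsKey($newAlias.ToLower()))
            $inUse[$newAlias.ToLower()] = $true
            Set-Mailbox -Identity $mbx.ExchangeGuid.ToString() -Alias $newAlias
            Write-Host "  Renamed alias of '$($mbx.DisplayName)' to '$newAlias'"
        }
    }
}
```

Run it without -Fix first and review the report, since changing an alias also changes the mailbox's default alias-based addressing in Exchange.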
