IBMF6907FE3FA6A6E5E60741496269F28A18F40DCCB2EE082DE5F44D1D365090A95Security Bulletin: IBM Tivoli Storage Manager FastBack Stack-Based Buffer Overflow Elevation of Privilege Vulnerability (CVE-2015-1898)
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%
Summary
The IBM Tivoli Storage Manager FastBack mount process is vulnerable to a stack-based buffer overflow. A local or network attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash.
Vulnerability Details
CVEID: CVE-2015-1898**
DESCRIPTION:** IBM Tivoli Storage Manager is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by FastBackMount process. An attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges or cause the server to crash.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101633> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Affected Products and Versions
IBM Tivoli Storage Manager FastBack Mount 6.1.11 and earlier.
Remediation/Fixes
_FastBack Release _
| First Fixing
VRMF Level| Platfom| APAR| Link to fix
—|—|—|—|—
6.1 | 6.1.11.1| Windows| None| http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Tivoli+Storage+Manager+FastBack&fixids=6.1.11.1-TIV-TSMFB-FP001&source=SAR
Workarounds and Mitigations
None.
Affected configurations
Related
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%