ZDI-10-182: IBM TSM FastBack Server FXCLI_OraBR_Exec_Command Remote Code Execution Vulnerabilities

ZDI-10-182: IBM TSM FastBack Server FXCLIOraBRExecCommand Remote Code Execution Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-10-182 September 29, 2010 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: IBM -- Affected Products: IBM Tivoli Storage Manager FastBack --...

IBM Tivoli Storage Manager FastBack Mount NULL Pointer Dereference DoS Vulnerability

This vulnerability allows remote attackers to deny service to clients on vulnerable installations of IBM Tivoli FastBack Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FastBackMount.exe component which listens by default on TCP...

IBM TSM FastBack _CalcHashValueWithLength Remote Denial of Service Vulnerability

This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within FastBackServer.exe which listens by default on tcp port 11406...

IBM TSM FastBack Server _Eventlog Format String Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Fastback. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FastBack server process FastBackServer.exe which listens by...

IBM TSM FastBack Server FXCLI_checkIndexDBLocation Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The flaw exists within FastBackServer.exe which listens by default on TCP port 11460. The issue is due to a...

IBM TSM FastBack Server ActivateLTScriptReply Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within FastBackServer.exe which listens by default on tcp port 11406. The issue is...

IBM TSM FastBack Server _DAS_ReadBlockReply Remote Denial of Service Vulnerability

This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within FastBackServer.exe process which listens by default on TCP po...

IBM TSM FastBack Server USER_S_AddADGroup Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within FastBackServer.exe which listens by default on TCP port 11460. The issue is...

IBM TSM FastBack Server FXCLI_OraBR_Exec_Command Remote Code Execution Vulnerabilities

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within FastBackServer.exe which listens by default on TCP port 11460. The vulnerab...

IBM TSM FastBack Server _SendToLog Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within FastBackServer.exe which listens by default on tcp port 11406. The issue is...

IBM TSM FastBack Mount Service Arbitrary Overwrite Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Fastback. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Mount service FastBackMount.exe. This process listens by defau...

CVE-2010-3058

The Mount service in IBM Tivoli Storage Manager TSM FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and execute arbitrary code, or cause a denial of service application hang, via unspecified vectors...

CVE-2010-3059

Buffer overflow in the message-protocol implementation in the Server in IBM Tivoli Storage Manager TSM FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to read and modify data, and possibly have other impact, via an unspecified command...

CVE-2010-3058

The Mount service in IBM Tivoli Storage Manager TSM FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and execute arbitrary code, or cause a denial of service application hang, via unspecified vectors...

CVE-2010-3060

CVE-2010-3060 targets IBM Tivoli Storage Manager (TSM) FastBack Server. The vulnerability resides in the server’s message-protocol handling for FastBack 5.x (pre-5.5.7) and 6.1.0.0, enabling remote DoS (daemon outage) via unknown vectors. Related entries (e.g., CVE-2010-3756, CVE-2010-3755) descr...

CVE-2010-3061

IBM Tivoli Storage Manager (TSM) FastBack Mount service is affected by CVE-2010-3061. The vulnerability lies in the message-protocol implementation of the Mount service in FastBack 5.x.x before 5.5.7 and in 6.1.0.0, allowing remote attackers to cause a denial of service (recovery failure) and pot...

CVE-2010-3058

CVE-2010-3058 affects IBM Tivoli Storage Manager (TSM) FastBack Mount service (FastBackMount.exe). The vulnerability is a memory corruption due to improper input validation when parsing crafted mount requests received on UDP port 30005 (and related TCP/UDP behavior noted in sources). Exploitation...