Lucene search
Brian Gorenc - HP Zero Day InitiativeZDI-15-118HistoryApr 08, 2015 - 12:00 a.m.
IBM Tivoli Storage Manager FastBack Mount CMountDismount::GetVaultDump Remote Code Execution Vulnerability
2015-04-0800:00:00
Brian Gorenc - HP Zero Day Initiative
www.zerodayinitiative.com
9
0.779 High
EPSS
Percentile
98.3%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within FastBackServer.exe which listens by default on TCP port 30051. When handling opcode 0x09 packets, the process blindly copies user supplied data into a stack-based buffer within CMountDismount::GetVaultDump. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
Related
checkpoint_advisories
checkpoint_advisories
cvelist
cvelist
CVE-2015-0119
2015-04-06 00:00:00
nvd
nvd
CVE-2015-0119
2015-04-06 00:59:02
CVE-2016-6091
2017-01-10 17:59:00
prion
prion
Code injection
2015-04-06 00:59:00
Design/Logic Flaw
2017-01-10 17:59:00
cve
cve
CVE-2015-0119
2015-04-06 00:59:02
CVE-2016-6091
2017-01-10 17:59:00
nessus
nessus
IBM Tivoli Storage Manager FastBack Mount CMountDismount::GetVaultDump RCE
2016-12-27 00:00:00
ibm
ibm
Security Bulletin: IBM Tivoli Storage Manager FastBack Mount Remote Code Execution Vulnerability (CVE-2015-0119)
2022-08-20 01:29:42