Vigil@nce: IBM TSM, several vulnerabilities
April 2009 by Vigil@nce
Several vulnerabilities were announced in IBM Tivoli Storage
Manager Server.
– Severity: 2/4
– Consequences: privileged access/rights, denial of service of
service
– Provenance: intranet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 4
– Creation date: 31/03/2009
IMPACTED PRODUCTS
– IBM Tivoli Storage Manager
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in IBM Tivoli Storage
Manager Server.
Several memory leaks lead to a denial of service. [grav:1/4;
IC37346, IC37816, IC38012, IC38060, IC38819, IC39827, IC42890,
IC44550, IC44559, IC45872, IC48050, IC51815, IC53151, IC56081,
IC58907]
An attacker can access to the system via the console. [grav:2/4;
IC37554]
A port scanner can stop the service. [grav:2/4; IC39395]
A vulnerability impacts the command line of the administration
interface. [grav:2/4; CVE-2009-1178, IC46744]
CHARACTERISTICS
– Identifiers: BID-34285, CVE-2009-1178, IC37346, IC37554, IC37816,
IC38012, IC38060, IC38819, IC39395, IC39827, IC42890, IC44550,
IC44559, IC45872, IC46744, IC48050, IC51815, IC53151, IC56081,
IC58907, swg21375360, VIGILANCE-VUL-8576
– Url: http://vigilance.fr/vulnerability/IBM-TSM-several-vulnerabilities-8576