Vigil@nce - IBM Tivoli Storage Manager FastBack: several vulnerabilities
August 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
Several vulnerabilities were announced in IBM Tivoli Storage
Manager FastBack.
Severity: 2/4
Creation date: 20/08/2010
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in IBM Tivoli Storage
Manager FastBack.
The Mount service uses a UDP port to communicate with clients. An
attacker can connect to this port and send malicious data in order
to corrupt memory or execute code. [severity:2/4; CVE-2010-3058]
An attacker can force the server to execute remote code. When this
occurs, a buffer overflow happens. An attacker can therefore
generate a buffer overflow in FastBack Server in order to read or
write data. [severity:2/4; CVE-2010-3059]
An attacker can connect to this server and send malicious data in
order to generate a denial of service. [severity:2/4;
CVE-2010-3061]
An attacker can connect to the server and send malicious Shell
data in order to generate a denial of service. [severity:2/4;
CVE-2010-3060]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-Tivoli-Storage-Manager-FastBack-several-vulnerabilities-9857