Wei Gao, Blog Author
Senior Security Research Engineer

Ixia ATI Research Center Finds Multiple Security Vulnerabilities in IBM Tivoli Storage Manager FastBack

March 9, 2016 by Wei Gao

Ixia’s ATI Research Center has discovered multiple security vulnerabilities in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.0.0 through 6.1.12.1. These vulnerabilities may cause the server to crash or allow execution of malicious code. They are caused by missing or improper validation of the opcode in requests sent to the TSM FastBack Server.

Tivoli Storage Manager FastBack Overview

IBM Tivoli Storage Manager (TSM) FastBack is an easy-to-use, centrally managed data protection solution that removes the responsibility of performing backups from desktop and laptop users. It automates continuous data protection and enables users to quickly and intuitively restore files on their own. This solution can help organizations mitigate the risk of losing data on the edges of extended enterprises, while reducing the strain on IT staff.

Advisory Summary

  • Multiple Security Vulnerabilities in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.0.0 through 6.1.12.1
  • IBM has issued a patch, available here
  • Ixia BreakingPoint PoC strike released in ATI-2016-06, available here

Details:

  • TSM FastBack Server can be accessed through TCP port 11460
  • An attacker exploiting these vulnerabilities can:
    • Send specially crafted packets in order to execute malicious code on the target system
    • Send specially crafted packets to the target's TCP port which would result in a shutdown of the service
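The advisory attributes the flaws to missing or improper opcode validation. The following added example (not IBM's or Ixia's code) shows what a request dispatcher that validates its opcode and claimed payload length before the table lookup looks like; the header layout, magic value, opcodes and handlers are constructed assumptions, not the TSM FastBack protocol.

```c
/* Added example (not IBM's or Ixia's code): a request dispatcher that
 * validates the opcode and the claimed payload length before acting on
 * them. The header layout, magic value, opcodes and handlers are
 * constructed for illustration, not the TSM FastBack protocol. */
#include <stddef.h>
#include <stdint.h>

#define HDR_LEN   12u          /* constructed: magic(4) | opcode(4) | length(4), little-endian */
#define REQ_MAGIC 0x4B434142u  /* constructed: the bytes "BACK" */
typedef int (*handler_fn)(const uint8_t *payload, uint32_t len);

static int op_ping(const uint8_t *p, uint32_t len) { (void)p; (void)len; return 100; }
static int op_list(const uint8_t *p, uint32_t len) { (void)p; return 200 + (int)len; }

/* An opcode is valid only if it indexes this table. */
static const handler_fn handlers[] = { op_ping, op_list };
#define NUM_OPS (sizeof(handlers) / sizeof(handlers[0]))

enum { DISPATCH_ERR_SHORT = -1, DISPATCH_ERR_MAGIC = -2, DISPATCH_ERR_OPCODE = -3, DISPATCH_ERR_LEN = -4 };

static uint32_t rd32le(const uint8_t *b) {
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8) | ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}
static void wr32le(uint8_t *b, uint32_t v) {
    b[0] = (uint8_t)v; b[1] = (uint8_t)(v >> 8); b[2] = (uint8_t)(v >> 16); b[3] = (uint8_t)(v >> 24);
}

/* Every field is checked before the table lookup. The opcode comparison is
 * unsigned against the table size; a signed test such as "op > NUM_OPS - 1"
 * would accept 0xFFFFFFFF (-1) and read a function pointer from outside the
 * table, which is the kind of improper validation the advisory describes. */
int dispatch_request(const uint8_t *buf, size_t buflen) {
    if (buflen < HDR_LEN) return DISPATCH_ERR_SHORT;
    if (rd32le(buf) != REQ_MAGIC) return DISPATCH_ERR_MAGIC;
    uint32_t opcode = rd32le(buf + 4);
    uint32_t plen = rd32le(buf + 8);
    if (opcode >= NUM_OPS) return DISPATCH_ERR_OPCODE;    /* reject unknown opcodes */
    if (plen > buflen - HDR_LEN) return DISPATCH_ERR_LEN; /* claimed length must fit what arrived */
    return handlers[opcode](buf + HDR_LEN, plen);
}

/* Test helper: builds a constructed request whose header claims `claimed`
 * payload bytes while only `present` zeroed bytes follow, then dispatches it. */
int run_case(uint32_t opcode, uint32_t claimed, size_t present) {
    uint8_t buf[64] = {0};
    if (HDR_LEN + present > sizeof buf) return DISPATCH_ERR_LEN;
    wr32le(buf, REQ_MAGIC); wr32le(buf + 4, opcode); wr32le(buf + 8, claimed);
    return dispatch_request(buf, HDR_LEN + present);
}
```

An out-of-range opcode or a length larger than the bytes that actually arrived is rejected before any handler or payload is touched, so such a packet cannot steer the lookup or the parser outside the request buffer.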

Leverage Subscription Service to Stay Ahead of Attacks

The Ixia BreakingPoint Application and Threat Intelligence (ATI) Subscription provides bi-weekly updates of the latest application protocols and attacks for use with Ixia platforms.