Ixia ATI Research Center Finds Multiple Security Vulnerabilities in IBM Tivoli Storage Manager FastBack
Ixia’s ATI Research Center has discovered multiple security vulnerabilities in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.0.0 through 6.1.12.1. These vulnerabilities may cause the server to crash or allow execution of malicious code. They are due to missing or improper validation of the opcode sent to the TSM FastBack Server.
Tivoli Storage Manager FastBack Overview
IBM Tivoli Storage Manager (TSM) FastBack is an easy-to-use, centrally-managed data protection solution that removes the responsibility of performing backups from desktop and laptop users. It automates continuous data protection and enables users to quickly and intuitively restore files on their own. This solution can help organizations mitigate the risk of losing data on the edges of extended enterprises, while reducing the strain on IT staff.
- Multiple Security Vulnerabilities in IBM Tivoli Storage Manager FastBack 5.5 and 6.1.0.0 through 6.1.12.1
- (CVE-2015-8519, CVE-2015-8520, CVE-2015-8521, CVE-2015-8522) Multiple code execution vulnerabilities, each stemming from a buffer overflow, were discovered in the IBM Tivoli Storage Manager FastBack server.
- (CVE-2015-8523) A DoS vulnerability was discovered in the IBM Tivoli Storage Manager FastBack server.
- IBM has issued a patch, available here
- Ixia BreakingPoint PoC strike released in ATI-2016-06, available here
Details:
- TSM FastBack Server can be accessed through TCP port 11460
- An attacker exploiting these vulnerabilities can:
  - Send specially crafted packets in order to execute malicious code on the target system (the code execution vulnerabilities)
  - Send specially crafted packets to the target's TCP port, resulting in a shutdown of the service (the DoS vulnerability)
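The advisory attributes all of these flaws to missing or improper validation of the opcode in requests reaching the server. The following is an added illustration of that defect class in hardened form; it is not IBM's or Ixia's code, and the request layout (a one-byte opcode, a two-byte big-endian payload length, then the payload), the opcodes `OP_PING`/`OP_STORE`, the handler table and the status codes are all assumptions for the example, not the real TSM FastBack wire format. The point is that an opcode used as a table index and a length used for a copy are both attacker-controlled and must be checked before use; dropping the opcode check makes `handlers[opcode]` read a function pointer from outside the table, and dropping the length check lets the store handler overflow its fixed buffer.

```c
/* Added example, not IBM's or Ixia's code. A hypothetical request format is assumed:
 *   [opcode: 1 byte][payload length: 2 bytes, big-endian][payload: length bytes]
 * It is not the real TSM FastBack wire format. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PAYLOAD 64                         /* size of the store handler's fixed buffer */
enum { OP_PING = 0, OP_STORE = 1, OP_COUNT };  /* hypothetical opcodes; OP_COUNT bounds the table */

enum {                                         /* dispatcher status codes */
    DISPATCH_OK = 0,
    DISPATCH_SHORT = -1,                       /* header truncated */
    DISPATCH_BAD_OPCODE = -2,                  /* opcode has no handler */
    DISPATCH_BAD_LEN = -3                      /* declared length inconsistent or too large */
};

typedef int (*handler_fn)(const uint8_t *payload, size_t len);

static int handle_ping(const uint8_t *payload, size_t len) {
    (void)payload; (void)len;
    return 0;
}

static int handle_store(const uint8_t *payload, size_t len) {
    char buf[MAX_PAYLOAD];
    /* Safe only because dispatch() has already bounded len to MAX_PAYLOAD. */
    memcpy(buf, payload, len);
    return (int)len;
}

static const handler_fn handlers[OP_COUNT] = { handle_ping, handle_store };

/* Hardened dispatcher: every attacker-controlled field is validated before it is
 * used as a table index (opcode) or a copy length (len). Skipping the opcode
 * check is the defect class the advisory describes: handlers[opcode] would then
 * read a function pointer from outside the table. handler_result may be NULL. */
int dispatch(const uint8_t *msg, size_t msg_len, int *handler_result) {
    if (msg == NULL || msg_len < 3)
        return DISPATCH_SHORT;
    uint8_t opcode = msg[0];
    if (opcode >= OP_COUNT)
        return DISPATCH_BAD_OPCODE;
    size_t len = ((size_t)msg[1] << 8) | msg[2];
    /* Declared length must fit both the bytes actually received and the buffer. */
    if (len > msg_len - 3 || len > MAX_PAYLOAD)
        return DISPATCH_BAD_LEN;
    int r = handlers[opcode](msg + 3, len);
    if (handler_result)
        *handler_result = r;
    return DISPATCH_OK;
}

/* Constructed sample requests for this example. */
static const uint8_t SAMPLE_STORE[]   = { OP_STORE, 0x00, 0x04, 'd', 'a', 't', 'a' }; /* well-formed */
static const uint8_t SAMPLE_BAD_OP[]  = { 0x7f, 0x00, 0x00 };                         /* opcode outside table */
static const uint8_t SAMPLE_BAD_LEN[] = { OP_STORE, 0xff, 0xff, 'x' };                /* length exceeds bytes received */
static const uint8_t SAMPLE_SHORT[]   = { OP_STORE };                                 /* header truncated */

/* A length that is fully present on the wire but larger than the handler's buffer. */
int oversize_store_case(void) {
    uint8_t msg[3 + 100];
    memset(msg, 'A', sizeof msg);
    msg[0] = OP_STORE; msg[1] = 0x00; msg[2] = 100;
    return dispatch(msg, sizeof msg, NULL);
}

/* Convenience wrapper: bytes the store handler accepted, or -1 if the request was rejected. */
int stored_len(const uint8_t *msg, size_t msg_len) {
    int r = -1;
    if (dispatch(msg, msg_len, &r) != DISPATCH_OK)
        return -1;
    return r;
}

int main(void) {
    printf("store: %d\n", stored_len(SAMPLE_STORE, sizeof SAMPLE_STORE));
    printf("bad opcode: %d\n", dispatch(SAMPLE_BAD_OP, sizeof SAMPLE_BAD_OP, NULL));
    printf("bad length: %d\n", dispatch(SAMPLE_BAD_LEN, sizeof SAMPLE_BAD_LEN, NULL));
    printf("short: %d\n", dispatch(SAMPLE_SHORT, sizeof SAMPLE_SHORT, NULL));
    printf("oversize: %d\n", oversize_store_case());
    return 0;
}
```

Rejecting a request with a status code rather than aborting the process is what keeps a malformed packet from becoming the service shutdown the advisory's DoS item describes; the bounds check on the opcode and the two-part check on the length are the controls whose absence the advisory attributes the code execution issues to.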
Leverage Subscription Service to Stay Ahead of Attacks
The Ixia BreakingPoint Application and Threat Intelligence (ATI) Subscription provides bi-weekly updates of the latest application protocols and attacks for use with Ixia platforms.