Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2010.0880
Security fixes available for IBM Tivoli Storage Manager FastBack
30 September 2010
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM Tivoli Storage Manager FastBack
Publisher: IBM
Operating System: Linux variants
Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Modify Arbitrary Files -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Unauthorised Access -- Remote/Unauthenticated
Resolution: Patch/Upgrade
Original Bulletin:
http://www-01.ibm.com/support/docview.wss?uid=swg21443820
- --------------------------BEGIN INCLUDED TEXT--------------------
Security fixes available for IBM Tivoli Storage Manager FastBack
Flash (Alert)
Abstract
Fixes are available for security vulnerabilities identified in the following
IBM Tivoli Storage Manager Fastback releases:
Content
Vulnerable Levels:
FastBack Release Affected Levels
5.5 5.5.0.0 through 5.5.6.0
6.1 6.1.0.0 through 6.1.0.1
These fixes address issues described in APAR IC69883.
Security vulnerabilities exist in the specified versions of IBM Tivoli Storage
Manager FastBack. These security vulnerabilities are documented in APAR IC69883
and are described by the following four issues:
Issue 1: IBM Tivoli Storage Manager FastBack Mount Service Buffer Overrun
Vulnerability
Problem Summary:
A remote buffer overrun vulnerability exists in IBM Tivoli Storage Manager
FastBack Mount, which has the potential to crash the IBM Tivoli Storage Manager
FastBack Mount process or to allow malicious code injection. The malicious code
could, for example, allow an unauthorized user to read, copy, alter, or delete
files on the affected machine.
Who is affected?
Customers using a vulnerable level of IBM Tivoli Storage Manager FastBack Mount
on a system vulnerable to attack are affected.
Issue 2: IBM Tivoli Storage Manager FastBack Server Remote Code Execution and
Unauthorized Access Vulnerability
Problem Summary:
The FastBack Client and FastBack Server accept a command by an attacker that
can cause remote code to run. Such an attack might allow an unauthorized user
to read and write data on the FastBack Server system.
Who is affected?
Customers using a vulnerable level of IBM Tivoli Storage Manager FastBack
Client and Server on a system vulnerable to attack are affected.
Issue 3: IBM Tivoli Storage Manager FastBack Server Remote Denial of Service
Vulnerability
Problem Summary:
The FastBack Client and FastBack Server is vulnerable to an attack that might
cause the FastBack Server to fail and stop backup operations. Such an attack
might cause data not to be backed up.
Who is affected?
Customers using a vulnerable level of IBM Tivoli Storage Manager FastBack
Client and Server on a system vulnerable to attack are affected.
Issue 4: IBM Tivoli Storage Manager FastBack Mount Remote Denial of Service
Vulnerability
Problem Summary:
The FastBack Shell and FastBack Mount are vulnerable to an attack that might
cause FastBack Mount to fail and stop recovery operations. Such an attack
might cause one or more of the following issues for IBM Tivoli Storage Manager
FastBack Mount:
o Reduced performance
o Application freeze
o System failure
o Data loss
Who is affected?
Customers using a vulnerable level of IBM Tivoli Storage Manager FastBack
Shell and Mount on a system vulnerable to attack are affected.
Recommendation:
If you are using a vulnerable level of IBM Tivoli Storage Manager FastBack 5.5,
install version 5.5.7. This version includes the fixes for the vulnerabilities
described in this flash.
If you are using a vulnerable level of IBM Tivoli Storage Manager FastBack 6.1,
install version 6.1.1. This version includes the fixes for the vulnerabilities
described in this flash.
FastBack Release Vulnerable levels First level with fix within
that release
IBM Tivoli Storage
Manager FastBack 5.5 5.5.0.0 through 5.5.6.0 5.5.7
Available: September 15, 2010
IBM Tivoli Storage
Manager FastBack 6.1 6.1.0.0 through 6.1.0.1 6.1.1
Available: July 30, 2010
Later levels within the specified releases are cumulative and include the fix.
APAR IC69883 fixed the following 11 vulnerabilities:
ZDI-CAN-700
ZDI-CAN-701
ZDI-CAN-661
ZDI-CAN-662
ZDI-CAN-663
ZDI-CAN-664
ZDI-CAN-656
ZDI-CAN-657
ZDI-CAN-658
ZDI-CAN-659
ZDI-CAN-660
How to obtain the fix:
Download the appropriate IBM Tivoli Storage Manager FastBack version by
completing the following steps:
1. Go to the IBM Support Fix Central Web site.
2. For Product Group, select Tivoli. Click Continue.
3. For Product, select IBM Tivoli Storage Manager FastBack. Click Continue.
4. For Installed Version, select the appropriate version and click Continue.
5. For Platform, select the appropriate platform. Click Continue.
6. Sign in using your IBM ID and password.
7. In the Identify Fixes window, select Browse fixes. Do not select the
checkbox for Do not show fixes that change my installed version. Click
Continue.
8. In the Select fixes window, select All fixes.
9. Select the appropriate version to download and click Continue.
10. Select a location to save the code package. Write the location where you
save the code package.
Acknowledgement:
The issues depicted in the APAR above were reported to IBM by TippingPoint.
No known customers are affected by these issues.
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business
Machines Corp., registered in many jurisdictions worldwide. Other product
and service names might be trademarks of IBM or other companies. A current
list of IBM trademarks is available on the Web at "Copyright and trademark
information" at www.ibm.com/legal/copytrade.shtml.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFMo+Wz/iFOrG6YcBERAsr+AJ9fV7hw/kcCd8WxOXO98JrX+KlSPACbBdkQ
REgQfNuS2b3DDd3xgm+riDo=
=IkSt
-----END PGP SIGNATURE-----