IBM Support

Security fixes available for IBM Tivoli Storage Manager FastBack

Flashes (Alerts)


Abstract

Fixes are available for security vulnerabilities identified in the following IBM Tivoli Storage Manager Fastback releases:

Content


Vulnerable Levels:

FastBack ReleaseAffected Levels
5.55.5.0.0 through 5.5.6.0
6.16.1.0.0 through 6.1.0.1

These fixes address issues described in APAR IC69883.


Security vulnerabilities exist in the specified versions of IBM Tivoli Storage Manager FastBack. These security vulnerabilities are documented in APAR IC69883 and are described by the following four issues:


Issue 1: IBM Tivoli Storage Manager FastBack Mount Service Buffer Overrun Vulnerability
Problem Summary:
A remote buffer overrun vulnerability exists in IBM Tivoli Storage Manager FastBack Mount, which has the potential to crash the IBM Tivoli Storage Manager FastBack Mount process or to allow malicious code injection. The malicious code could, for example, allow an unauthorized user to read, copy, alter, or delete files on the affected machine.

Who is affected?
Customers using a vulnerable level of IBM Tivoli Storage Manager FastBack Mount on a system vulnerable to attack are affected.


Issue 2: IBM Tivoli Storage Manager FastBack Server Remote Code Execution and Unauthorized Access Vulnerability
Problem Summary:
The FastBack Client and FastBack Server accept a command by an attacker that can cause remote code to run. Such an attack might allow an unauthorized user to read and write data on the FastBack Server system.
Who is affected?
Customers using a vulnerable level of IBM Tivoli Storage Manager FastBack Client and Server on a system vulnerable to attack are affected.


Issue 3: IBM Tivoli Storage Manager FastBack Server Remote Denial of Service Vulnerability
Problem Summary:
The FastBack Client and FastBack Server is vulnerable to an attack that might cause the FastBack Server to fail and stop backup operations. Such an attack might cause data not to be backed up.
Who is affected?
Customers using a vulnerable level of IBM Tivoli Storage Manager FastBack Client and Server on a system vulnerable to attack are affected.


Issue 4: IBM Tivoli Storage Manager FastBack Mount Remote Denial of Service Vulnerability
Problem Summary:
The FastBack Shell and FastBack Mount are vulnerable to an attack that might cause FastBack Mount to fail and stop recovery operations. Such an attack might cause one or more of the following issues for IBM Tivoli Storage Manager FastBack Mount:
o Reduced performance
o Application freeze
o System failure
o Data loss
Who is affected?
Customers using a vulnerable level of IBM Tivoli Storage Manager FastBack Shell and Mount on a system vulnerable to attack are affected.


Recommendation:
If you are using a vulnerable level of IBM Tivoli Storage Manager FastBack 5.5, install version 5.5.7. This version includes the fixes for the vulnerabilities described in this flash.

If you are using a vulnerable level of IBM Tivoli Storage Manager FastBack 6.1, install version 6.1.1. This version includes the fixes for the vulnerabilities described in this flash.

FastBack ReleaseVulnerable levelsFirst level with fix within that release
IBM Tivoli Storage Manager FastBack 5.55.5.0.0 through 5.5.6.05.5.7
Available: September 15, 2010
IBM Tivoli Storage Manager FastBack 6.16.1.0.0 through 6.1.0.16.1.1
Available: July 30, 2010

Later levels within the specified releases are cumulative and include the fix.

APAR IC69883 fixed the following 11 vulnerabilities:

ZDI-CAN-700
ZDI-CAN-701
ZDI-CAN-661
ZDI-CAN-662
ZDI-CAN-663
ZDI-CAN-664
ZDI-CAN-656
ZDI-CAN-657
ZDI-CAN-658
ZDI-CAN-659
ZDI-CAN-660

How to obtain the fix:

Download the appropriate IBM Tivoli Storage Manager FastBack version by completing the following steps:

1. Go to the IBM Support Fix Central Web site.
2. For Product Group, select Tivoli. Click Continue.
3. For Product, select IBM Tivoli Storage Manager FastBack. Click Continue.
4. For Installed Version, select the appropriate version and click Continue.
5. For Platform, select the appropriate platform. Click Continue.
6. Sign in using your IBM ID and password.
7. In the Identify Fixes window, select Browse fixes. Do not select the checkbox for Do not show fixes that change my installed version. Click Continue.
8. In the Select fixes window, select All fixes.
9. Select the appropriate version to download and click Continue.
10. Select a location to save the code package. Write the location where you save the code package.


Acknowledgement:
The issues depicted in the APAR above were reported to IBM by TippingPoint. No known customers are affected by these issues.

Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.

[{"Product":{"code":"SS9NU9","label":"Tivoli Storage Manager FastBack"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"--","Platform":[{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"5.5;5.5.6;6.1;6.1.1","Edition":"All Editions","Line of Business":{"code":"LOB26","label":"Storage"}}]

Document Information

Modified date:
25 September 2022

UID

swg21443820