Intrusion prevention system provider TippingPoint reported Monday that TSM, which provides automatic data backup and centralised storage management, suffers from vulnerabilities that do not require authentication and can lead to the execution of arbitrary code. The bugs are related to the way in which the solution process messages on the transmission protocol control (TCP) port 1500.
"As no validation is done on the index fields, an attacker can force the service to look beyond the end of the packet, often landing in the unallocated memory and resulting in a denial of service," the TippingPoint advisory said.
Secunia, which rated the flaws "moderately critical" in an advisory today, recommends users apply a patch that IBM has made available.
Click here to email Dan Kaplan.