IBM: Trivoli Storage Manager flaws can't be exploited

By
Follow google news

Multiple buffer overflow vulnerabilities in IBM Tivoli Storage Manager (TSM), disclosed Monday by a security firm, cannot be exploited to compromise a user's system, Big Blue said today in an advisory.


"This problem relates to an internal buffer overflow in TSM, but IBM does not believe it is possible to exploit this buffer overflow for remote code execution," the advisory said. "However, this exposure can be used to crash the TSM server."

Intrusion prevention system provider TippingPoint reported Monday that TSM, which provides automatic data backup and centralised storage management, suffers from vulnerabilities that do not require authentication and can lead to the execution of arbitrary code. The bugs are related to the way in which the solution process messages on the transmission protocol control (TCP) port 1500.

"As no validation is done on the index fields, an attacker can force the service to look beyond the end of the packet, often landing in the unallocated memory and resulting in a denial of service," the TippingPoint advisory said.

Secunia, which rated the flaws "moderately critical" in an advisory today, recommends users apply a patch that IBM has made available.

Click here to email Dan Kaplan.

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
becantexploitedflawsibmmanagersecuritystorage

Sponsored Whitepapers

5 reasons to adopt a mobile first security strategy
5 reasons to adopt a mobile first security strategy
Uncomplicate IT Service Delivery with AI Agents
Uncomplicate IT Service Delivery with AI Agents
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Fintech compliance made fast and secure
Fintech compliance made fast and secure
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide

Events

Most Read Articles

CBA builds two AI agents to boost cyber defences

CBA builds two AI agents to boost cyber defences
Researchers uncover 'Darksword' iPhone spyware

Researchers uncover 'Darksword' iPhone spyware
Stryker contains cyber attack on its Microsoft environment

Stryker contains cyber attack on its Microsoft environment
Exploited Google Chrome zero-days added to US must-patch list

Exploited Google Chrome zero-days added to US must-patch list
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?