IBM: Trivoli Storage Manager flaws can't be exploited

By
Follow google news

Multiple buffer overflow vulnerabilities in IBM Tivoli Storage Manager (TSM), disclosed Monday by a security firm, cannot be exploited to compromise a user's system, Big Blue said today in an advisory.


"This problem relates to an internal buffer overflow in TSM, but IBM does not believe it is possible to exploit this buffer overflow for remote code execution," the advisory said. "However, this exposure can be used to crash the TSM server."

Intrusion prevention system provider TippingPoint reported Monday that TSM, which provides automatic data backup and centralised storage management, suffers from vulnerabilities that do not require authentication and can lead to the execution of arbitrary code. The bugs are related to the way in which the solution process messages on the transmission protocol control (TCP) port 1500.

"As no validation is done on the index fields, an attacker can force the service to look beyond the end of the packet, often landing in the unallocated memory and resulting in a denial of service," the TippingPoint advisory said.

Secunia, which rated the flaws "moderately critical" in an advisory today, recommends users apply a patch that IBM has made available.

Click here to email Dan Kaplan.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
becantexploitedflawsibmmanagersecuritystorage

Sponsored Whitepapers

Fintech compliance made fast and secure
Fintech compliance made fast and secure
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
2025 Security operations insights: Three-quarters of security leaders need something new in SIEM
2025 Security operations insights: Three-quarters of security leaders need something new in SIEM
Sumo Logic named in the 2025 Gartner Critical Capabilities for Security Information and Event Management (SIEM)
Sumo Logic named in the 2025 Gartner Critical Capabilities for Security Information and Event Management (SIEM)
The cloud tipping point
The cloud tipping point

Events

Most Read Articles

Telstra used ConnectID impermissibly for months

Telstra used ConnectID impermissibly for months
University of Sydney "online IT code library" breached

University of Sydney "online IT code library" breached
NSW Health clinicians "normalise" bypass of cyber security controls

NSW Health clinicians "normalise" bypass of cyber security controls
UK government was hacked in October, minister confirms

UK government was hacked in October, minister confirms
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?