In association with heise online

24 September 2007, 11:29

Vulnerabilities in IBM Tivoli Storage Manager

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

IBM reports the discovery of two security holes in its Tivoli Storage Manager backup software. Attackers can exploit these vulnerabilities to inject arbitrary code or gain access to sensitive information. The vendor has provided updates that remedy the problem.

IBM's security advisory does not provide any details, but merely states that a buffer overflow in the Client Acceptor Daemon (CAD) can cause the operating system to crash or allow injected code to be executed. Furthermore, attackers can exploit backups initiated by the server to gain unauthorized access to data on the client computer.

Tivoli Storage Manager versions 5.1 to 5.4 are affected, as is the Express client software. IBM has released patched versions of the software, which administrators should download and install as quickly as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit