Vulnerabilities in IBM Tivoli Storage Manager
IBM reports the discovery of two security holes in its Tivoli Storage Manager backup software. Attackers can exploit these vulnerabilities to inject arbitrary code or gain access to sensitive information. The vendor has provided updates that remedy the problem.
IBM's security advisory does not provide any details, but merely states that a buffer overflow in the Client Acceptor Daemon (CAD) can cause the operating system to crash or allow injected code to be executed. Furthermore, attackers can exploit backups initiated by the server to gain unauthorized access to data on the client computer.
Tivoli Storage Manager versions 5.1 to 5.4 are affected, as is the Express client software. IBM has released patched versions of the software, which administrators should download and install as quickly as possible.
- Two security vulnerabilities exist in the IBM Tivoli Storage Manager (TSM) client, IBM's security advisory
- Update to version 18.104.22.168 of Tivoli Storage Manager
- Update to version 22.214.171.124 of Tivoli Storage Manager
- Update to version 126.96.36.199 of Tivoli Storage Manager
- Update to version 188.8.131.52 of Tivoli Storage Manager
- Update for the Express version of Tivoli Storage Manager