In association with heise online

14 January 2008, 13:17

Vulnerability in IBM Tivoli Storage Manager Express

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

IBM has published a patch for its Tivoli Storage Manager Express server-based back-up-solution for Windows. The update carries version number and rectifies a programming error due to which attackers can take complete remote control over vulnerable servers. According to IBM, the cause is a heap overflow, not specified in more detail, that allows any kind of malicious code to be executed with SYSTEM rights.

The security hole is not mentioned in the associated Readme file, however, which says only that the update adds support for the IBM Tape Autoloader 3362-2LX and also contains some minor bugfixes. An error is said to occur while back-up volumes are being checked, but only if the "DE" language option has been selected. Administrators should apply the patch as soon as possible, or confine network access to the server to trustworthy back-up clients.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit