IC69883: FASTBACK MAY BE AFFECTED BY SECURITY VULNERABILITIES

APAR status

  • Closed as program error.

Error description

  • Vulnerable Levels:

    FastBack Release    Affected Levels
    5.5                 5.5.0.0 through 5.5.6.0
    6.1                 6.1.0.0 through 6.1.0.1
    
    These fixes address issues described in APAR IC69883.
    
    
    Security vulnerabilities exist in the specified versions of IBM
    Tivoli Storage Manager FastBack. These security vulnerabilities
    are documented in APAR IC69883 and are described by the
    following four issues:
    
    
    Issue 1: IBM Tivoli Storage Manager FastBack Mount Service
    Buffer Overrun Vulnerability
    Problem Summary:
    A remote buffer overrun vulnerability exists in IBM Tivoli
    Storage Manager FastBack Mount, which has the potential to crash
    the IBM Tivoli Storage Manager FastBack Mount process or to
    allow malicious code injection. The malicious code could, for
    example, allow an unauthorized user to read, copy, alter, or
    delete files on the affected machine.
    
    Who is affected?
    Customers using a vulnerable level of IBM Tivoli Storage Manager
    FastBack Mount on a system vulnerable to attack are affected.
    
    
    Issue 2: IBM Tivoli Storage Manager FastBack Server Remote Code
    Execution and Unauthorized Access Vulnerability
    Problem Summary:
    The FastBack Client and FastBack Server accept a command from an
    attacker that can cause remote code to run. Such an attack might
    allow an unauthorized user to read and write data on the
    FastBack Server system.
    Who is affected?
    Customers using a vulnerable level of IBM Tivoli Storage Manager
    FastBack Client and Server on a system vulnerable to attack are
    affected.
    
    
    Issue 3: IBM Tivoli Storage Manager FastBack Server Remote
    Denial of Service Vulnerability
    Problem Summary:
    The FastBack Client and FastBack Server are vulnerable to an
    attack that might cause the FastBack Server to fail and stop
    backup operations. Such an attack might cause data not to be
    backed up.
    Who is affected?
    Customers using a vulnerable level of IBM Tivoli Storage Manager
    FastBack Client and Server on a system vulnerable to attack are
    affected.
    
    
    Issue 4: IBM Tivoli Storage Manager FastBack Mount Remote Denial
    of Service Vulnerability
    Problem Summary:
    The FastBack Shell and FastBack Mount are vulnerable to an
    attack that might cause FastBack Mount to fail and stop recovery
    operations. Such an attack might cause one or more of the
    following issues for IBM Tivoli Storage Manager FastBack Mount:
    o Reduced performance
    o Application freeze
    o System failure
    o Data loss
    Who is affected?
    Customers using a vulnerable level of IBM Tivoli Storage Manager
    FastBack Shell and Mount on a system vulnerable to attack are
    affected.
    
    
    Recommendation:
    If you are using a vulnerable level of IBM Tivoli Storage
    Manager FastBack 5.5, install version 5.5.7. This version
    includes the fixes for the vulnerabilities described in this
    flash.
    
    If you are using a vulnerable level of IBM Tivoli Storage
    Manager FastBack 6.1, install version 6.1.1. This version
    includes the fixes for the vulnerabilities described in this
    flash.

    FastBack Release                          Vulnerable levels          First level with fix within that release
    IBM Tivoli Storage Manager FastBack 5.5   5.5.0.0 through 5.5.6.0    5.5.7 (Available: September 15, 2010)
    IBM Tivoli Storage Manager FastBack 6.1   6.1.0.0 through 6.1.0.1    6.1.1 (Available: July 30, 2010)
    
    Later levels within the specified releases are cumulative and
    include the fix.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All FastBack users                           *
    *                                                              *
    ****************************************************************
    * PROBLEM DESCRIPTION: See Error Description.                  *
    *                                                              *
    ****************************************************************
    * RECOMMENDATION: Apply fixing level when available. This      *
    *                 problem is currently projected to be fixed   *
    *                 in version 5.5.7 and 6.1.1. Note that this   *
    *                 is subject to change at the discretion of    *
    *                 IBM.                                         *
    ****************************************************************
    

Problem conclusion

  • This problem has been fixed.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IC69883

  • Reported component name

    TSM FASTBACK

  • Reported component ID

    5724FSBBK

  • Reported release

    61W

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2010-07-18

  • Closed date

    2010-09-27

  • Last modified date

    2011-07-18

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    TSM FASTBACK

  • Fixed component ID

    5724FSBBK

Applicable component levels

  • R55W PSY

       UP

  • R61W PSY

       UP



Document information


More support for:

Tivoli Storage Manager FastBack

Software version:

6.1

Reference #:

IC69883

Modified date:

2011-07-18
