Vulnerabilities > IBM > Tivoli Storage Manager Fastback > 6.1.0.0

DATE CVE VULNERABILITY TITLE RISK
2010-10-05 CVE-2010-3759 Code Injection vulnerability in IBM Tivoli Storage Manager Fastback
FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 writes a certain value to a memory location specified by a UDP packet field, which allows remote attackers to execute arbitrary code via multiple requests.
network
low complexity
ibm CWE-94
critical
 10.0
10
2010-10-05 CVE-2010-3758 Code Injection vulnerability in IBM Tivoli Storage Manager Fastback
Multiple stack-based buffer overflows in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allow remote attackers to execute arbitrary code via vectors involving the (1) AGI_SendToLog (aka _SendToLog) function; the (2) group, (3) workgroup, or (4) domain name field to the USER_S_AddADGroup function; the (5) user_path variable to the FXCLI_checkIndexDBLocation function; or (6) the _AGI_S_ActivateLTScriptReply (aka ActivateLTScriptReply) function.
network
low complexity
ibm CWE-94
critical
 10.0
10
2010-10-05 CVE-2010-3757 OS Command Injection vulnerability in IBM Tivoli Storage Manager Fastback
Format string vulnerability in the _Eventlog function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via format string specifiers located after a | (pipe) character in a string.
network
low complexity
ibm CWE-78
critical
 10.0
10
2010-10-05 CVE-2010-3756 Improper Input Validation vulnerability in IBM Tivoli Storage Manager Fastback
The _CalcHashValueWithLength function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly validate an unspecified length value, which allows remote attackers to cause a denial of service (daemon crash) by sending data over TCP.
network
low complexity
ibm CWE-20
5.0
5.0
2010-10-05 CVE-2010-3755 Resource Management Errors vulnerability in IBM Tivoli Storage Manager Fastback
The _DAS_ReadBlockReply function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via data in a TCP packet.
network
low complexity
ibm CWE-399
5.0
5.0
2010-10-05 CVE-2010-3754 OS Command Injection vulnerability in IBM Tivoli Storage Manager Fastback
The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields to determine the content and length of data copied to memory, which allows remote attackers to execute arbitrary code via a crafted packet.
network
low complexity
ibm CWE-78
critical
 10.0
10
2010-08-20 CVE-2010-3061 Remote Code Execution and Denial of Service vulnerability in IBM Tivoli Storage Manager FastBack
Unspecified vulnerability in the message-protocol implementation in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (recovery failure), and possibly trigger loss of data, via unknown vectors.
network
low complexity
ibm
5.0
5.0
2010-08-20 CVE-2010-3060 Remote Code Execution and Denial of Service vulnerability in IBM Tivoli Storage Manager FastBack
Unspecified vulnerability in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors.
network
low complexity
ibm
5.0
5.0
2010-08-20 CVE-2010-3059 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Tivoli Storage Manager Fastback
Buffer overflow in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to read and modify data, and possibly have other impact, via an unspecified command.
network
low complexity
ibm CWE-119
7.5
7.5
2010-08-20 CVE-2010-3058 Resource Management Errors vulnerability in IBM Tivoli Storage Manager Fastback
The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and execute arbitrary code, or cause a denial of service (application hang), via unspecified vectors.
network
low complexity
ibm CWE-399
7.5
7.5