CVE-2015-1953 – IBM Tivoli Storage Manager FastBack Server Opcode 1335 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1953
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of opcode 1335. By sending a crafted packet on TCP port 11460, an attacker can use an arbitrary format string as an argument to a vsprintf function.
• http://www-01.ibm.com/support/docview.wss?uid=swg21959398
• http://www.securityfocus.com/bid/75456
• http://www.securitytracker.com/id/1032773
• http://www.zerodayinitiative.com/advisories/ZDI-15-273
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-1986 – IBM Tivoli Storage Manager FastBack Server Opcode 1301 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1986
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1938.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of opcode 1301. By sending a crafted packet on TCP port 11460, an attacker can use an arbitrary format string as an argument to a vsprintf function.
• https://github.com/3t3rn4lv01d/CVE-2015-1986
• http://www-01.ibm.com/support/docview.wss?uid=swg21959398
• http://www.securityfocus.com/bid/75461
• http://www.securitytracker.com/id/1032773
• http://www.zerodayinitiative.com/advisories/ZDI-15-274
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2015-1898
https://notcve.org/view.php?id=CVE-2015-1898
Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1897.
• http://www-01.ibm.com/support/docview.wss?uid=swg21700539
• http://www.securityfocus.com/bid/74036
• http://www.securitytracker.com/id/1032102
• https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1091
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-1897
https://notcve.org/view.php?id=CVE-2015-1897
Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1898.
• http://www-01.ibm.com/support/docview.wss?uid=swg21700057
• http://www.securitytracker.com/id/1032102
• https://www.verisign.com/en_US/security-services/security-intelligence/vulnerability-reports/articles/index.xhtml?id=1092
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-0120 – IBM Tivoli Storage Manager FastBack CRYPTO_S_EncryptBufferToBuffer Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0120
Buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 has unspecified impact and remote attack vectors.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Storage Manager FastBack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CRYPTO_S_EncryptBufferToBuffer function. By sending a specially crafted packet on TCP port 30051, an attacker is able to cause a stack buffer overflow.
• http://www-01.ibm.com/support/docview.wss?uid=swg21700549
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer