CVE-2015-0120
IBM Tivoli Storage Manager FastBack CRYPTO_S_EncryptBufferToBuffer Buffer Overflow Remote Code Execution Vulnerability
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 has unspecified impact and remote attack vectors.
Desbordamiento de buffer en el proceso FastBackMount en IBM Tivoli Storage Manager FastBack 6.1 anterior a 6.1.11.1 tiene un impacto y vectores de ataque remotos sin especificar.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Storage Manager FastBack. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the CRYPTO_S_EncryptBufferToBuffer function. By sending a specially crafted packet on TCP port 30051, an attacker is able to cause a stack buffer overflow. An attacker can use this to execute arbitrary code in the context of the SYSTEM.
*Credits:
AbdulAziz Hariri - HP Zero Day Initiative
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-11-18 CVE Reserved
- 2015-04-08 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www-01.ibm.com/support/docview.wss?uid=swg21700549 | 2015-05-26 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Tivoli Storage Manager Fastback Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" | 6.1.0.0 Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" and version "6.1.0.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Storage Manager Fastback Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" | 6.1.0.1 Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" and version "6.1.0.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Storage Manager Fastback Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" | 6.1.1.0 Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" and version "6.1.1.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Storage Manager Fastback Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" | 6.1.7.2 Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" and version "6.1.7.2" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Storage Manager Fastback Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" | 6.1.8.0 Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" and version "6.1.8.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Storage Manager Fastback Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" | 6.1.8.1 Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" and version "6.1.8.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Storage Manager Fastback Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" | 6.1.9.0 Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" and version "6.1.9.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Storage Manager Fastback Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" | 6.1.9.1 Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" and version "6.1.9.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Storage Manager Fastback Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" | 6.1.10.0 Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" and version "6.1.10.0" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Storage Manager Fastback Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" | 6.1.10.1 Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" and version "6.1.10.1" | - |
Affected
| ||||||
| Ibm Search vendor "Ibm" | Tivoli Storage Manager Fastback Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" | 6.1.11.0 Search vendor "Ibm" for product "Tivoli Storage Manager Fastback" and version "6.1.11.0" | - |
Affected
| ||||||