Vigil@nce - IBM Tivoli Storage Manager: altering files via BACKUPINITIATION
November 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can alter backups of IBM Tivoli Storage Manager,
for example in order to store a malicious program.
Impacted products: Tivoli Storage Manager
Severity: 1/4
Creation date: 19/11/2014
DESCRIPTION OF THE VULNERABILITY
The IBM Tivoli Storage Manager product uses the BACKUPINITIATION
directive to indicate which users are allowed to perform backups.
However, an attacker who is not authorized can still replace saved files.
A local attacker can therefore alter backups of IBM Tivoli Storage
Manager, for example in order to store a malicious program.