Search
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: IBM Tivoli Storage Manager, three vulnerabilities of the client

July 2011 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

A local attacker can use three vulnerabilities of the IBM Tivoli Storage Manager client, in order to alter a file or to create a denial of service.

- Severity: 2/4
- Creation date: 04/07/2011

IMPACTED PRODUCTS

- IBM Tivoli Storage Manager

DESCRIPTION OF THE VULNERABILITY

Three vulnerabilities were announced in the IBM Tivoli Storage Manager client.

On Windows and AIX, a local attacker can use a buffer overflow of JBB (Journal Based Backup), in order to elevate his privileges. [severity:2/4; CVE-2011-1222, IC77049]

On Windows, a local attacker can use a buffer overflow in the processing of Alternate Data Stream, in order to elevate his privileges. [severity:2/4; CVE-2011-1223, IC77052]

On Windows with a Microsoft EFS encryption, a local attacker can use an Alternate Data Stream, in order to corrupt the backup. [severity:1/4; IC74905]

A local attacker can therefore use three vulnerabilities of the IBM Tivoli Storage Manager client, in order to alter a file or to create a denial of service.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/I...




See previous articles

    

See next articles