Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: IBM Tivoli Storage Manager, three vulnerabilities of the client

July 2011 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

A local attacker can use three vulnerabilities of the IBM Tivoli
Storage Manager client, in order to alter a file or to create a
denial of service.

 Severity: 2/4
 Creation date: 04/07/2011

IMPACTED PRODUCTS

 IBM Tivoli Storage Manager

DESCRIPTION OF THE VULNERABILITY

Three vulnerabilities were announced in the IBM Tivoli Storage
Manager client.

On Windows and AIX, a local attacker can use a buffer overflow of
JBB (Journal Based Backup), in order to elevate his privileges.
[severity:2/4; CVE-2011-1222, IC77049]

On Windows, a local attacker can use a buffer overflow in the
processing of Alternate Data Stream, in order to elevate his
privileges. [severity:2/4; CVE-2011-1223, IC77052]

On Windows with a Microsoft EFS encryption, a local attacker can
use an Alternate Data Stream, in order to corrupt the backup.
[severity:1/4; IC74905]

A local attacker can therefore use three vulnerabilities of the
IBM Tivoli Storage Manager client, in order to alter a file or to
create a denial of service.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/IBM-Tivoli-Storage-Manager-three-vulnerabilities-of-the-client-10804


See previous articles

    

See next articles












Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts