Advisory Details

September 30th, 2010

IBM Tivoli Storage Manager FastBack Mount NULL Pointer Dereference DoS Vulnerability

ZDI-10-188
ZDI-CAN-701

CVE ID
CVSS SCORE 7.8, AV:N/AC:L/Au:N/C:N/I:N/A:C
AFFECTED VENDORS IBM
AFFECTED PRODUCTS Tivoli Storage Manager FastBack
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['10327']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS

This vulnerability allows remote attackers to deny service to clients on vulnerable installations of IBM Tivoli FastBack Storage Manager. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the FastBackMount.exe component which listens by default on TCP port 30051. When handling a failed memory allocation due to a large size provided by an attacker an exception handler is invoked which attempts to log the event. Due to the previously failed allocation a null pointer is dereferenced when creating a string to send to log causing the process to terminate. A remote attacker can exploit this vulnerability to terminate the FastBackMount.exe process and deny service to clients.
ADDITIONAL DETAILS

http://www.ibm.com/support/docview.wss?uid=swg21443820
Issue 4
DISCLOSURE TIMELINE
  • 2010-06-17 - Vulnerability reported to vendor
  • 2010-09-30 - Coordinated public release of advisory
CREDIT AbdulAziz Hariri
BACK TO ADVISORIES