The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Spectrum Protect

computer vulnerability CVE-2014-0907

IBM TSM Client: privilege escalation via SetUID

Synthesis of the vulnerability

A local attacker can create a malicious library, which is loaded by a suid program of IBM TSM Client, in order to escalate his privileges.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 14/08/2014.
Identifiers: 1680454, CVE-2014-0907, VIGILANCE-VUL-15195.

Description of the vulnerability

The IBM TSM Client product installs several suid root programs.

However, they are compiled with a relative RPATH, so they accept to load libraries located from the current directory.

A local attacker can therefore create a malicious library, which is loaded by a suid program of IBM TSM Client, in order to escalate his privileges.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability note CVE-2013-6335

IBM TSM for Space Management: read-write access via Backup-Archive

Synthesis of the vulnerability

An attacker can bypass access restrictions of IBM TSM for Space Management files, in order to read or alter data.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 14/08/2014.
Identifiers: 1680453, CVE-2013-6335, VIGILANCE-VUL-15194.

Description of the vulnerability

The IBM TSM Backup-Archive client restores files.

However, files of IBM TSM for Space Management are not restored with valid permissions.

An attacker can therefore bypass access restrictions of IBM TSM for Space Management files, in order to read or alter data.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2014-0876

IBM TSM Client: buffer overflow of GUI

Synthesis of the vulnerability

An attacker can generate a buffer overflow in the GUI of IBM TSM Client, in order to trigger a denial of service.
Impacted products: Tivoli Storage Manager.
Severity: 1/4.
Consequences: denial of service on client.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 14/08/2014.
Identifiers: 1673318, CVE-2014-0876, VIGILANCE-VUL-15193.

Description of the vulnerability

The IBM TSM Client product can be installed on Windows or Macintosh.

However, if the size of data is greater than the size of the storage array, an overflow occurs in the GUI.

An attacker can therefore generate a buffer overflow in the GUI of IBM TSM Client, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability note CVE-2014-0224

OpenSSL: man in the middle via ChangeCipherSpec

Synthesis of the vulnerability

An attacker can act as a man in the middle between a client and a server using OpenSSL, in order to read or alter exchanged data.
Impacted products: ArubaOS, ProxyAV, ProxySG par Blue Coat, SGOS by Blue Coat, GAiA, CheckPoint IP Appliance, IPSO, Provider-1, SecurePlatform, CheckPoint Security Appliance, CheckPoint Security Gateway, Cisco ASR, Cisco ATA, Cisco ACE, ASA, AsyncOS, Cisco Catalyst, CiscoWorks, Cisco Content SMA, Cisco CSS, Cisco ESA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Cisco IPS, IronPort Email, IronPort Management, IronPort Web, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Prime Collaboration Manager, Prime Infrastructure, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Cisco Manager Attendant Console, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco Unity ~ precise, WebNS, Cisco WSA, MIMEsweeper, Clearswift Web Gateway, Debian, Avamar, EMC CAVA, EMC CEE, EMC CEPA, Celerra FAST, Celerra NS, Celerra NX4, EMC CMDCE, Connectrix Switch, ECC, NetWorker, PowerPath, Unisphere EMC, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiClient, FortiManager, FortiManager Virtual Appliance, FreeBSD, HP Operations, ProCurve Switch, HP Switch, HP-UX, AIX, Tivoli Storage Manager, WebSphere MQ, Juniper J-Series, Junos OS, Junos Pulse, Juniper Network Connect, Juniper UAC, MBS, MES, McAfee Web Gateway, MySQL Enterprise, NetBSD, OpenBSD, OpenSSL, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Polycom CMA, HDX, RealPresence Collaboration Server, Polycom VBP, RHEL, JBoss EAP by Red Hat, ACE Agent, ACE Server, RSA Authentication Agent, RSA Authentication Manager, SecurID, ROS, ROX, RuggedSwitch, SIMATIC, Slackware, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Nessus, InterScan Messaging Security Suite, InterScan Web Security Suite, TrendMicro ServerProtect, Ubuntu, ESXi, vCenter Server, VMware vSphere, VMware vSphere Hypervisor, Websense Email Security, Websense Web Filter, Websense Web Security.
Severity: 3/4.
Consequences: data reading, data creation/edition, data flow.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 05/06/2014.
Revision date: 05/06/2014.
Identifiers: 1676496, 1690827, aid-06062014, c04336637, c04347622, c04363613, CERTFR-2014-AVI-253, CERTFR-2014-AVI-254, CERTFR-2014-AVI-255, CERTFR-2014-AVI-260, CERTFR-2014-AVI-274, CERTFR-2014-AVI-279, CERTFR-2014-AVI-286, CERTFR-2014-AVI-513, cisco-sa-20140605-openssl, cpuoct2016, CTX140876, CVE-2014-0224, DOC-53313, DSA-2950-1, DSA-2950-2, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2014-7101, FEDORA-2014-7102, FG-IR-14-018, FreeBSD-SA-14:14.openssl, HPSBHF03052, HPSBUX03046, JSA10629, MDVSA-2014:105, MDVSA-2014:106, MDVSA-2015:062, NetBSD-SA2014-006, openSUSE-SU-2014:0764-1, openSUSE-SU-2014:0765-1, openSUSE-SU-2015:0229-1, openSUSE-SU-2016:0640-1, RHSA-2014:0624-01, RHSA-2014:0625-01, RHSA-2014:0626-01, RHSA-2014:0627-01, RHSA-2014:0628-01, RHSA-2014:0629-01, RHSA-2014:0630-01, RHSA-2014:0631-01, RHSA-2014:0632-01, RHSA-2014:0633-01, RHSA-2014:0679-01, RHSA-2014:0680-01, SA40006, SA80, SB10075, sk101186, SOL15325, SPL-85063, SSA:2014-156-03, SSA-234763, SSRT101590, SUSE-SU-2014:0759-1, SUSE-SU-2014:0759-2, SUSE-SU-2014:0761-1, SUSE-SU-2014:0762-1, USN-2232-1, USN-2232-2, USN-2232-3, USN-2232-4, VIGILANCE-VUL-14844, VMSA-2014-0006, VMSA-2014-0006.1, VMSA-2014-0006.10, VMSA-2014-0006.11, VMSA-2014-0006.2, VMSA-2014-0006.3, VMSA-2014-0006.4, VMSA-2014-0006.5, VMSA-2014-0006.6, VMSA-2014-0006.7, VMSA-2014-0006.8, VMSA-2014-0006.9, VU#978508.

Description of the vulnerability

The OpenSSL product implements SSL/TLS, which uses a handshake.

However, by using a handshake with a ChangeCipherSpec message, an attacker can force the usage of weak keys.

An attacker can therefore act as a man in the middle between a client and a server using OpenSSL, in order to read or alter exchanged data.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2013-6713

IBM Tivoli Storage Manager for Virtual Environments: information disclosure

Synthesis of the vulnerability

An attacker can use IBM Tivoli Storage Manager for Virtual Environments, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading, denial of service on server.
Provenance: user account.
Confidence: confirmed by the editor (5/5).
Creation date: 27/05/2014.
Identifiers: 1673051, CVE-2013-6713, VIGILANCE-VUL-14803.

Description of the vulnerability

The Data Protection for VMware GUI interface of IBM Tivoli Storage Manager for Virtual Environments product is used to back up and restore VMs.

However, an attacker can bypass access restrictions to data, in order to back up and restore VMs he does not have access to.

An attacker can therefore use IBM Tivoli Storage Manager for Virtual Environments, in order to obtain sensitive information.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2014-0114

Apache Struts 1: code execution via ClassLoader

Synthesis of the vulnerability

An attacker can use the "class" parameter, to manipulate the ClassLoader, in order to execute code.
Impacted products: Struts, Debian, BIG-IP Hardware, TMOS, Fedora, SiteScope, IRAD, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Traditional, IBM WebSphere ESB, MBS, MES, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, Puppet, RHEL, RSA Authentication Manager, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive, vCenter Server, VMware vSphere.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 26/05/2014.
Identifiers: 1672316, 1673982, 1674339, 1675822, 2016214, c04399728, c05324755, CERTFR-2014-AVI-382, cpuapr2017, cpujan2018, cpuoct2017, cpuoct2018, CVE-2014-0114, DSA-2940-1, ESA-2014-080, FEDORA-2014-9380, HPSBGN03669, HPSBMU03090, ibm10719287, ibm10719297, ibm10719301, ibm10719303, ibm10719307, MDVSA-2014:095, RHSA-2014:0474-01, RHSA-2014:0497-01, RHSA-2014:0500-01, RHSA-2014:0511-01, RHSA-2018:2669-01, SOL15282, SUSE-SU-2014:0902-1, swg22017525, VIGILANCE-VUL-14799, VMSA-2014-0008, VMSA-2014-0008.1, VMSA-2014-0008.2, VMSA-2014-0012.

Description of the vulnerability

The Apache Struts product is used to develop Java EE applications.

However, the "class" parameter is mapped to getClass(), and can be used to manipulate the ClassLoader.

An attacker can therefore use the "class" parameter, to manipulate the ClassLoader, in order to execute code.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2014-0963

IBM GSKit: infinite loop of SSL

Synthesis of the vulnerability

An attacker can send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service.
Impacted products: DB2 UDB, Domino, I-Connect, Informix Server, Notes, Security Directory Server, SPSS Modeler, Tivoli Storage Manager, Tivoli Workload Scheduler.
Severity: 3/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 20/05/2014.
Identifiers: 1610582, 1671732, 1672724, 1673008, 1673018, 1673666, 1673696, 1674047, 1674824, 1674825, 1681114, 7042179, CVE-2014-0963, VIGILANCE-VUL-14775.

Description of the vulnerability

The IBM Global Security Kit (GSKit) suite implements the support of SSL/TLS for several IBM applications.

However, some SSL messages generate an infinite loop in GSKit.

An attacker can therefore send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability note CVE-2013-3976

IBM Tivoli Storage Manager for Mail: mailbox disclosure

Synthesis of the vulnerability

An attacker can request a mailbox to be restored via IBM Tivoli Storage Manager for Mail, in order to obtain sensitive information.
Impacted products: Tivoli Storage Manager.
Severity: 2/4.
Consequences: data reading.
Provenance: user account.
Confidence: confirmed by the editor (5/5).
Creation date: 27/03/2014.
Identifiers: 1644407, CVE-2013-3976, IC81223, VIGILANCE-VUL-14489.

Description of the vulnerability

The IBM Tivoli Storage Manager for Mail Data Protection for Microsoft Exchange Server product is used to restore users' PST mailboxes.

However, when two mailboxes are restored simultaneously, a user may receive the mailbox of another user.

An attacker can therefore request a mailbox to be restored via IBM Tivoli Storage Manager for Mail, in order to obtain sensitive information.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability bulletin CVE-2014-0050

Apache Tomcat: denial of service via Apache Commons FileUpload

Synthesis of the vulnerability

An attacker can use a long Content-Type header, to generate an infinite loop in Apache Commons FileUpload or Apache Tomcat, in order to trigger a denial of service.
Impacted products: Tomcat, Debian, BIG-IP Hardware, TMOS, Fedora, SiteScope, Domino, QRadar SIEM, Tivoli Storage Manager, WebSphere AS Traditional, MBS, ePO, openSUSE, Oracle Communications, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive, vCenter Server, VMware vSphere.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 06/02/2014.
Revision date: 13/02/2014.
Identifiers: 1667254, 1676656, 1680564, 1999395, 1999474, 1999478, 1999479, 1999488, 1999532, 2015814, BID-65400, c05324755, CERTFR-2014-AVI-200, CERTFR-2014-AVI-282, CERTFR-2014-AVI-368, CERTFR-2014-AVI-382, cpuoct2016, CVE-2014-0050, DSA-2856-1, DSA-2897-1, FEDORA-2014-2175, FEDORA-2014-2183, HPSBGN03669, MDVSA-2014:056, MDVSA-2015:084, openSUSE-SU-2014:0527-1, openSUSE-SU-2014:0528-1, RHSA-2014:0252-01, RHSA-2014:0253-01, RHSA-2014:0373-01, RHSA-2014:0400-03, RHSA-2014:0401-02, RHSA-2014:0429-01, RHSA-2014:0452-01, RHSA-2014:0459-01, RHSA-2014:0473-01, RHSA-2014:0525-01, RHSA-2014:0526-01, RHSA-2014:0527-01, RHSA-2014:0528-01, RHSA-2015:1009, SB10079, SOL15189, SUSE-SU-2014:0548-1, USN-2130-1, VIGILANCE-VUL-14183, VMSA-2014-0007, VMSA-2014-0007.1, VMSA-2014-0007.2, VMSA-2014-0008, VMSA-2014-0008.2, VMSA-2014-0012.

Description of the vulnerability

The Apache Commons FileUpload component manages the file upload feature. It is included in Apache Tomcat.

The HTTP Content-Type header indicates the type of the query body. However, if the size of this header is larger than 4091 bytes, the fileupload/MultipartStream.java class indefinitely tries to store data in an array which is too short.

An attacker can therefore use a long Content-Type header, to generate an infinite loop in Apache Commons FileUpload or Apache Tomcat, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability bulletin CVE-2013-6747

IBM GSKit: denial of service via SSL/TLS

Synthesis of the vulnerability

An attacker can send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service.
Impacted products: DB2 UDB, Informix Server, Security Directory Server, SPSS Modeler, Tivoli Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere MQ.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 30/01/2014.
Identifiers: 1610582, 1662902, 1665137, 1668664, 1670524, 1671732, 1673696, 1674047, 1674824, 1674825, CVE-2013-6747, VIGILANCE-VUL-14158.

Description of the vulnerability

The IBM Global Security Kit (GSKit) suite implements the support of SSL/TLS for several IBM applications.

However, a malformed certificate chain triggers an error.

An attacker can therefore send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Spectrum Protect: