IBM Tivoli Storage Manager Server 6.2.x < 6.2.6.0 Multiple Vulnerabilities

low Nessus Plugin ID 77118

Synopsis

The remote backup service is affected by multiple vulnerabilities.

Description

The version of IBM Tivoli Storage Manager installed on the remote host is 6.2.x prior to 6.2.6.0. It is, therefore, potentially affected by multiple flaws in its bundled SSL library:

- A flaw that could allow a remote attacker to cause a denial of service via a specially crafted 'ClientHello' message. (CVE-2012-2190)

- A flaw that could allow a remote attacker to cause a denial of service via a specially crafted value in the TLS Record Layer. (CVE-2012-2191)

- A flaw that could allow a remote attacker to perform a statistical timing attack known as 'Lucky Thirteen'. (CVE-2013-0169)

Solution

Upgrade to IBM Tivoli Storage Manager 6.2.6.0, 6.3.4.200, or later, or disable SSL.

See Also

http://www.nessus.org/u?7d4a4639

http://www.nessus.org/u?004af981

http://www.nessus.org/u?9986de60

http://www.nessus.org/u?c6ba80ec

http://www.nessus.org/u?8e222bc8

http://www.nessus.org/u?002f4534

Plugin Details

Severity: Low

ID: 77118

File Name: ibm_tsm_server_6_2_6_0.nasl

Version: 1.6

Type: remote

Family: General

Published: 8/11/2014

Updated: 12/5/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 1.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2013-0169

Vulnerability Information

CPE: cpe:/a:ibm:tivoli_storage_manager

Required KB Items: installed_sw/IBM Tivoli Storage Manager

Exploit Ease: No known exploits are available

Patch Publication Date: 3/28/2014

Vulnerability Publication Date: 8/6/2012

Reference Information

CVE: CVE-2012-2190, CVE-2012-2191, CVE-2013-0169

BID: 54743, 55185, 57778