IBM warns of flaw in Tivoli Storage Manager Express

Security patch included in Storage Manager Express 5.3.7.3 fix pack software update

IBM has issued a warning about a security flaw in its Tivoli Storage Manager Express backup and recovery system that could enable unauthorized access to data stored on the system.

IBM issued the alert last week and recommended that users immediately download and install a patch to fix a heap overflow security hole uncovered in Express Server. If left unpatched, the flaw could enable an attacker to execute arbitrary code on at-risk systems and compromise TSM Express, IBM said.

A security patch for the heap overflow is included in the Storage Manager Express 5.3.7.3 fix pack software update, IBM said.

According to IBM's security alert, an attacker could deliver specially crafted packets to an Express server by connecting directly to the server's TCP socket, rather than going through the TSM client, to trigger a buffer overflow. The buffer overflow could allow a remote party to inject arbitrary code directly into the TSM Express server, where it would be executed with SYSTEM user privileges.

The TSM Express flaw was recently discovered by a security research team at security tool maker TippingPoint, a division of 3Com.

The advisory marks the second time in four months that IBM has scrambled to plug Tivoli Storage Manager security holes. In September, the company notified customers to patch two vulnerabilities in the Tivoli Storage Manager backup client that could allow data to be exposed if left unprotected.


Brian Fonseca

Computerworld
