WHO IS SIBERAS?

siberas GmbH is a consulting company specializing in security analyses and penetration tests that provides vendor-independent, competent advice in the field of IT security.

IBM TSM FastBack _CalcHashValueWithLength Remote Denial of Service Vulnerability

Reference ID: SSA-1017
Publication date: 29.09.2010
Severity: medium
Discovered by: Sebastian Apelt

Affected versions: 5.5.0.0 - 5.5.6.0 and 6.1.0.0 - 6.1.0.1

Description from ZDI advisory: The specific flaw exists within the FastBackServer.exe process, which listens by default on TCP port 11406. The problematic code resides within a function responsible for reading a block of network packet data. A parameter to this function is initialized to 0 and under certain conditions this value will be accessed before being properly initialized. This causes a NULL pointer to be dereferenced and a subsequent application crash due to a lack of exception handling. Successful exploitation leads to immediate termination of the FastBack server.

References:
ZDI-10-187
Patch on IBM homepage