CVE-2010-3754

Name of the Vulnerable Software and Affected Versions IBM Tivoli Storage Manager (TSM) FastBack versions 5.5.0.0 through 5.5.6.0 IBM Tivoli Storage Manager (TSM) FastBack versions 6.1.0.0 through 6.1.0.1

Description The issue allows remote attackers to execute arbitrary code via a crafted packet. This is due to the FXCLI OraBR Exec Command function in FastBackServer.exe using values of packet fields to determine the content and length of data copied to memory.

Recommendations For versions 5.5.0.0 through 5.5.6.0, consider disabling the FXCLI OraBR Exec Command function until a patch is available. For versions 6.1.0.0 through 6.1.0.1, consider disabling the FXCLI OraBR Exec Command function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.