CVE-2010-3756

Name of the Vulnerable Software and Affected Versions IBM Tivoli Storage Manager (TSM) FastBack versions 5.5.0.0 through 5.5.6.0 IBM Tivoli Storage Manager (TSM) FastBack versions 6.1.0.0 through 6.1.0.1

Description The issue is related to the CalcHashValueWithLength function in FastBackServer.exe, which does not properly validate an unspecified length value. This allows remote attackers to cause a denial of service by sending data over TCP, resulting in a daemon crash.

Recommendations For versions 5.5.0.0 through 5.5.6.0, consider disabling the CalcHashValueWithLength function as a temporary workaround until a patch is available. For versions 6.1.0.0 through 6.1.0.1, restrict access to the FastBackServer.exe to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.