CVE-2010-3758

Name of the Vulnerable Software and Affected Versions IBM Tivoli Storage Manager (TSM) FastBack versions 5.5.0.0 through 5.5.6.0 IBM Tivoli Storage Manager (TSM) FastBack versions 6.1.0.0 through 6.1.0.1

Description The issue involves multiple stack-based buffer overflows in FastBackServer.exe, allowing remote attackers to execute arbitrary code. This can be achieved through various vectors, including the AGI SendToLog function, the group, workgroup, or domain name field to the USER S AddADGroup function, the user path variable to the FXCLI checkIndexDBLocation function, or the AGI S ActivateLTScriptReply function.

Recommendations For versions 5.5.0.0 through 5.5.6.0, consider disabling the AGI SendToLog function and restricting access to the USER S AddADGroup function until a patch is available. For versions 6.1.0.0 through 6.1.0.1, avoid using the user path variable in the FXCLI checkIndexDBLocation function and restrict access to the AGI S ActivateLTScriptReply function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.