siberas GmbH is a consulting company specializing in security analyses and penetration tests, advising you on IT security competently and independently of any vendor.
IBM TSM FastBack _CalcHashValueWithLength Remote Denial of Service Vulnerability
Reference ID: SSA-1017
Affected versions: 5.5.0.0 - 5.5.6.0 and 6.1.0.0 - 6.1.0.1
Description from ZDI advisory: The specific flaw exists within the FastBackServer.exe process, which listens by default on TCP port 11406. The problematic code resides within a function responsible for reading a block of network packet data. A parameter to this function is initialized to 0 and under certain conditions this value will be accessed before being properly initialized. This causes a NULL pointer to be dereferenced and a subsequent application crash due to a lack of exception handling. Successful exploitation leads to immediate termination of the fastback server.
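The bug class described above, as an added example that is not FastBack code and not taken from the advisory: an out-parameter starts at NULL, one "successful" path of the block reader never assigns it, and the caller dereferences it. The packet layout (2-byte big-endian length followed by the payload) and all function names are hypothetical, chosen only to show the flawed caller beside a hardened one.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed layout for illustration: [len_hi][len_lo][payload ...] */
enum { READ_OK = 0, READ_SHORT = -1, READ_NOBUF = -2 };

/* Hypothetical block reader. *out is assigned only for a non-empty block;
 * on every other path it keeps the caller's initial value (NULL). */
int read_block(const uint8_t *pkt, size_t pkt_len,
               const uint8_t **out, size_t *out_len)
{
    if (pkt_len < 2) return READ_SHORT;
    size_t n = ((size_t)pkt[0] << 8) | pkt[1];
    if (n == 0) return READ_OK;            /* reports success, *out untouched */
    if (pkt_len - 2 < n) return READ_SHORT;
    *out = pkt + 2;
    *out_len = n;
    return READ_OK;
}

/* Flawed caller: ignores the status and assumes the pointer was set.
 * An empty or truncated block leaves data == NULL, so this faults. */
unsigned sum_block_unchecked(const uint8_t *pkt, size_t pkt_len)
{
    const uint8_t *data = NULL;
    size_t len = 0;
    read_block(pkt, pkt_len, &data, &len);
    return data[0];                        /* NULL dereference */
}

/* Hardened caller: checks the status and the pointer, and rejects the
 * packet with an error code instead of letting the process crash. */
int sum_block_checked(const uint8_t *pkt, size_t pkt_len, unsigned *sum)
{
    const uint8_t *data = NULL;
    size_t len = 0;
    int rc = read_block(pkt, pkt_len, &data, &len);
    if (rc != READ_OK) return rc;
    if (data == NULL || len == 0) return READ_NOBUF;
    unsigned h = 0;
    for (size_t i = 0; i < len; i++) h = h * 31u + data[i];
    *sum = h;
    return READ_OK;
}
```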
References:
ZDI-10-187
Patch on IBM homepage