Die siberas GmbH ein auf Sicherheitsanalysen und Penetrationstests spezialisiertes Beratungsunternehmen, welches Sie herstellerunabhängig und kompetent im Bereich IT-Sicherheit berät.


IBM TSM FastBack _CalcHashValueWithLength Remote Denial of Service Vulnerability

Reference ID: SSA-1017
Publication date: 29.09.2010
Severity: medium
Discovered by: Sebastian Apelt

Affected versions: - and -

Description from ZDI advisory: The specific flaw exists within FastBackServer.exe process which listens by default on TCP port 11406. The problematic code resides within a function responsible for reading a block of network packet data. A parameter to this function is initialized to 0 and under certain conditions this value will be accessed before properly initialized. This causes a NULL pointer to be dereferenced and subsequent application crash due to a lack of exception handling. Successful exploitation leads to immediate termination of the fastback server.

Patch on IBM homepage