IBM Tivoli Storage Manager traditional scheduler denial of service
tsm-scheduler-dos (81215) | Medium Risk
IBM Tivoli Storage Manager (TSM) is vulnerable to a denial of service. In the TSM client, a remote attacker could disable the traditional scheduler when it is in Prompted mode (SCHEDMODE=PROMPTED). Once disabled, no more schedules (such as scheduled backups) would be run and the TSM server log would show that schedules for that node are missed.
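To find which client configurations meet the Prompted-mode condition described above, the following added example (not part of the X-Force entry or of IBM's tooling) parses the text of a client options file and reports the server stanzas that set Prompted mode. It assumes the usual option-file syntax: `*` comment lines, `SErvername` stanzas, case-insensitive abbreviations, and polling when the option is absent. The sample file content and host names are constructed.

```python
import re

# Constructed sample of a client system-options file (dsm.sys style); not from a real host.
SAMPLE_DSM_SYS = """\
* constructed example
SErvername  tsm_prod
   TCPServeraddress  tsm1.example.com
   SCHEDMODE         PROMPTED
SErvername  tsm_dr
   TCPServeraddress  tsm2.example.com
   schedmod          po
SErvername  tsm_test
   TCPServeraddress  tsm3.example.com
"""

def _abbrev(word, full, min_len):
    """True if word is a case-insensitive abbreviation of full, at least min_len long."""
    w = word.upper()
    return len(w) >= min_len and full.startswith(w)

def sched_modes(text):
    """Map each server stanza (or '(global)' for a flat file) to its scheduler mode."""
    modes, stanza = {}, "(global)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):      # assumption: '*' starts a comment line
            continue
        # Accept both "OPTION value" and the "OPTION=value" notation used in the entry.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key, value = parts[0], (parts[1].split() if len(parts) > 1 else [])
        if not value:
            continue
        if _abbrev(key, "SERVERNAME", 2):         # assumption: SErvername opens a stanza
            stanza = value[0]
            modes[stanza] = "POLLING"             # assumption: polling when option is absent
        elif _abbrev(key, "SCHEDMODE", 8):        # assumption: minimum abbreviation SCHEDMOD
            if _abbrev(value[0], "PROMPTED", 2):
                modes[stanza] = "PROMPTED"
            elif _abbrev(value[0], "POLLING", 2):
                modes[stanza] = "POLLING"
    return modes

def prompted_stanzas(text):
    """Stanzas whose scheduler runs in Prompted mode, the condition the advisory names."""
    return sorted(s for s, m in sched_modes(text).items() if m == "PROMPTED")

if __name__ == "__main__":
    for name in prompted_stanzas(SAMPLE_DSM_SYS):
        print(f"{name}: SCHEDMODE PROMPTED, check client level against the bulletin")
```

Stanzas reported here are the ones to prioritise when checking client levels against IBM Security Bulletin 1624135.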
Denial of Service
Refer to IBM Security Bulletin 1624135 for patch, upgrade or suggested workaround information. See References.
- IBM Security Bulletin 1624135: TSM Client Scheduler Denial Of Service Vulnerability (CVE-2013-0471).
- BID-57737: IBM Tivoli Storage Manager CVE-2013-0471 Denial of Service Vulnerability
- CVE-2013-0471: The traditional scheduler in the client in IBM Tivoli Storage Manager (TSM) before 18.104.22.168, 6.3 before 22.214.171.124, and 6.4 before 126.96.36.199, when Prompted mode is enabled, allows remote attackers to cause a denial of service (scheduling outage) via unspecified vectors.
- SA52089: IBM Tivoli Storage Manager Client Scheduler Security Bypass Vulnerability
- IBM Tivoli Storage Manager 5.5
- IBM Tivoli Storage Manager 6.1
- IBM Tivoli Storage Manager 6.2
- IBM Tivoli Storage Manager 6.3
- IBM Tivoli Storage Manager 6.4
Jan 31, 2013
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@us.ibm.com