* IBM Tivoli Storage Manager FastBack version 5.5
* IBM Tivoli Storage Manager FastBack version 6.1
Authentication is not required to exploit this vulnerability.
The specific flaw exists within the FastBackMount.exe component, which listens by default on TCP port 30051. When an attacker supplies a large size value, the resulting memory allocation fails and an exception handler is invoked, which attempts to log the event. Because the allocation failed, a null pointer is dereferenced while creating the string to send to the log, causing the process to terminate. A remote attacker can exploit this vulnerability to terminate the FastBackMount.exe process and deny service to clients.
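The bug class described above, shown as an added C example that is not FastBack code: an error path that dereferences the buffer whose allocation failed, next to a handler that bounds the peer-supplied length and logs without touching the buffer. All function names, the `MAX_RECORD_LEN` limit and the inputs are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_RECORD_LEN (1u << 20) /* assumed protocol limit, not from the advisory */

/* "Before" pattern: the error path builds its log string from the buffer
 * whose allocation just failed, so buf is NULL and strlen() faults. */
int log_failure_unsafe(const char *buf, char *out, size_t outlen) {
    return snprintf(out, outlen, "alloc failed, %zu bytes pending", strlen(buf));
}

/* Hardened error path: logs only values that exist whether or not the
 * allocation succeeded. */
int log_failure_safe(uint32_t claimed, char *out, size_t outlen) {
    return snprintf(out, outlen, "request rejected: length=%u", (unsigned)claimed);
}

/* Hypothetical handler: claimed_len comes from the peer, avail is the number
 * of payload bytes actually received. Returns 0 on success, -1 on rejection. */
int handle_request(uint32_t claimed_len, const unsigned char *payload,
                   size_t avail, char *logline, size_t loglen) {
    char *buf;
    /* Bound the peer-supplied size before it reaches the allocator. */
    if (claimed_len == 0 || claimed_len > MAX_RECORD_LEN || claimed_len > avail) {
        log_failure_safe(claimed_len, logline, loglen);
        return -1;
    }
    buf = malloc((size_t)claimed_len + 1);
    if (buf == NULL) { /* allocation can still fail under memory pressure */
        log_failure_safe(claimed_len, logline, loglen);
        return -1;
    }
    memcpy(buf, payload, claimed_len);
    buf[claimed_len] = '\0';
    snprintf(logline, loglen, "request ok: length=%u", (unsigned)claimed_len);
    free(buf);
    return 0;
}

int main(void) {
    char line[128];
    /* Constructed inputs: an oversized length claim, then a well-formed one. */
    handle_request(0xFFFFFFF0u, (const unsigned char *)"abc", 3, line, sizeof line);
    puts(line);
    handle_request(3, (const unsigned char *)"abc", 3, line, sizeof line);
    puts(line);
    return 0;
}
```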
If you are using a vulnerable level of IBM Tivoli Storage Manager FastBack 5.5, install version 5.5.7.
If you are using a vulnerable level of IBM Tivoli Storage Manager FastBack 6.1, install version 6.1.1.
2010-06-17 - Vulnerability reported to vendor
2010-09-30 - Coordinated public release of advisory