IBM has issued a warning to customers that security fixes should be installed for two vulnerabilities in the IBM Tivoli Storage Manager (TSM) backup software client. The security holes could allow a buffer overrun attack or enable unauthorized access to stored data, IBM said.
In the alert advisory issued late last week, IBM security researchers said that three client interfaces of TSM -- the Web client GUI, the backup-archive client scheduling tool, and the backup-archive server-initiated prompted scheduling product -- could be impacted by the vulnerabilities. No other TSM client tools are affected, IBM said.
By taking advantage of the TSM vulnerabilities, hackers could subvert the backup software's code in two ways, IBM said: A buffer overrun could crash an operating system, or the exploit could open the door for injection code execution. The vulnerability could also allow someone to take advantage of server-initiated prompted scheduling to gain access to private information.
According to IBM, the vulnerabilities are in TSM Express backup clients, and TSM v5.1, v5.2, v5.3 and v5.4 backup-archive clients.
Links within IBM's security advisory provide update packages for immediate download and instructions for installation.
IBM is recommending that customers refrain from using the affected clients until the fixes are installed.