cnvd - cnvd-2018-24265

CNVD-2018-24265

Vulnerability from cnvd - Published: 2018-11-29

Title

IBM Spectrum Protect Client和Spectrum Protect for Virtual Environments拒绝服务漏洞

Description

IBM Spectrum Protect（前称Tivoli Storage Manager）是美国IBM公司的一套数据保护平台，它为企业提供单一控制和管理点，并支持对所有规模的虚拟、物理和云环境进行备份和恢复。IBM Spectrum Protect Client是它的客户端程序。Spectrum Protect for Virtual Environments是虚拟环境版本。 IBM Spectrum Protect Client和Spectrum Protect for Virtual Environments中存在拒绝服务漏洞，攻击者可利用该漏洞造成TCP/IP资源泄露，导致拒绝服务。

Severity

中

Patch Name

IBM Spectrum Protect Client和Spectrum Protect for Virtual Environments拒绝服务漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www-01.ibm.com/support/docview.wss?uid=ibm10738765

Reference

https://www-01.ibm.com/support/docview.wss?uid=ibm10738765

Impacted products

Name
['IBM Spectrum Protect Client >8.1.0.0，<8.1.6.0', 'IBM Spectrum Protect for Virtual Environments（Data Protection for VMware） >8.1.0.0，<8.1.6.0', 'IBM Spectrum Protect for Virtual Environments（Data Protection for VMware） >7.1.0.0，<7.1 8.3', 'IBM Spectrum Protect for Virtual Environments（Data Protection for Hyper-V） >8.1.0.0，<8.1.6.0', 'IBM Spectrum Protect for Virtual Environments（Data Protection for Hyper-V） >7.1.0.0，<7.1.8.0']

Name

['IBM Spectrum Protect Client >8.1.0.0，<8.1.6.0', 'IBM Spectrum Protect for Virtual Environments（Data Protection for VMware） >8.1.0.0，<8.1.6.0', 'IBM Spectrum Protect for Virtual Environments（Data Protection for VMware） >7.1.0.0，<7.1 8.3', 'IBM Spectrum Protect for Virtual Environments（Data Protection for Hyper-V） >8.1.0.0，<8.1.6.0', 'IBM Spectrum Protect for Virtual Environments（Data Protection for Hyper-V） >7.1.0.0，<7.1.8.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1786"
    }
  },
  "description": "IBM Spectrum Protect\uff08\u524d\u79f0Tivoli Storage Manager\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u4fdd\u62a4\u5e73\u53f0\uff0c\u5b83\u4e3a\u4f01\u4e1a\u63d0\u4f9b\u5355\u4e00\u63a7\u5236\u548c\u7ba1\u7406\u70b9\uff0c\u5e76\u652f\u6301\u5bf9\u6240\u6709\u89c4\u6a21\u7684\u865a\u62df\u3001\u7269\u7406\u548c\u4e91\u73af\u5883\u8fdb\u884c\u5907\u4efd\u548c\u6062\u590d\u3002IBM Spectrum Protect Client\u662f\u5b83\u7684\u5ba2\u6237\u7aef\u7a0b\u5e8f\u3002Spectrum Protect for Virtual Environments\u662f\u865a\u62df\u73af\u5883\u7248\u672c\u3002\n\nIBM Spectrum Protect Client\u548cSpectrum Protect for Virtual Environments\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210TCP/IP\u8d44\u6e90\u6cc4\u9732\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "unknown",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www-01.ibm.com/support/docview.wss?uid=ibm10738765",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-24265",
  "openTime": "2018-11-29",
  "patchDescription": "IBM Spectrum Protect\uff08\u524d\u79f0Tivoli Storage Manager\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957\u6570\u636e\u4fdd\u62a4\u5e73\u53f0\uff0c\u5b83\u4e3a\u4f01\u4e1a\u63d0\u4f9b\u5355\u4e00\u63a7\u5236\u548c\u7ba1\u7406\u70b9\uff0c\u5e76\u652f\u6301\u5bf9\u6240\u6709\u89c4\u6a21\u7684\u865a\u62df\u3001\u7269\u7406\u548c\u4e91\u73af\u5883\u8fdb\u884c\u5907\u4efd\u548c\u6062\u590d\u3002IBM Spectrum Protect Client\u662f\u5b83\u7684\u5ba2\u6237\u7aef\u7a0b\u5e8f\u3002Spectrum Protect for Virtual Environments\u662f\u865a\u62df\u73af\u5883\u7248\u672c\u3002\r\n\r\nIBM Spectrum Protect Client\u548cSpectrum Protect for Virtual Environments\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210TCP/IP\u8d44\u6e90\u6cc4\u9732\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Spectrum Protect Client\u548cSpectrum Protect for Virtual Environments\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM Spectrum Protect Client \u003e8.1.0.0\uff0c\u003c8.1.6.0",
      "IBM Spectrum Protect for Virtual Environments\uff08Data Protection for VMware\uff09 \u003e8.1.0.0\uff0c\u003c8.1.6.0",
      "IBM Spectrum Protect for Virtual Environments\uff08Data Protection for VMware\uff09 \u003e7.1.0.0\uff0c\u003c7.1 8.3",
      "IBM Spectrum Protect for Virtual Environments\uff08Data Protection for Hyper-V\uff09 \u003e8.1.0.0\uff0c\u003c8.1.6.0",
      "IBM Spectrum Protect for Virtual Environments\uff08Data Protection for Hyper-V\uff09 \u003e7.1.0.0\uff0c\u003c7.1.8.0"
    ]
  },
  "referenceLink": "https://www-01.ibm.com/support/docview.wss?uid=ibm10738765",
  "serverity": "\u4e2d",
  "submitTime": "2018-11-13",
  "title": "IBM Spectrum Protect Client\u548cSpectrum Protect for Virtual Environments\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2018-1786 (GCVE-0-2018-1786)

Vulnerability from cvelistv5 – Published: 2018-11-12 16:00 – Updated: 2024-09-17 01:01

Summary

IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.0/A:L/AC:L/AV:N/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O

CWE

Denial of Service

Assigner

ibm

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.ibm.com/support/docview.wss?uid=ibm10738765	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/105940	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	IBM	Spectrum Protect	Affected: 7.1 Affected: 8.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.390Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-tivoli-cve20181786-dos(148871)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
          },
          {
            "name": "105940",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105940"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spectrum Protect",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.1"
            },
            {
              "status": "affected",
              "version": "8.1"
            }
          ]
        }
      ],
      "datePublic": "2018-11-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.6,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:L/AC:L/AV:N/C:N/I:N/PR:N/S:U/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-16T10:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-tivoli-cve20181786-dos(148871)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
        },
        {
          "name": "105940",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105940"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-11-08T00:00:00",
          "ID": "CVE-2018-1786",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spectrum Protect",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.1"
                          },
                          {
                            "version_value": "8.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Spectrum Protect 7.1 and 8.1 dsmc and dsmcad processes incorrectly accumulate TCP/IP sockets in a CLOSE_WAIT state. This can cause TCP/IP resource leakage and may result in a denial of service. IBM X-Force ID: 148871."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "L",
              "AC": "L",
              "AV": "N",
              "C": "N",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-tivoli-cve20181786-dos(148871)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148871"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10738765",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10738765"
            },
            {
              "name": "105940",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105940"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1786",
    "datePublished": "2018-11-12T16:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T01:01:42.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-24265

CVE-2018-1786 (GCVE-0-2018-1786)

Tags

Sightings

Nomenclature