PatchSiren cyber security CVE debrief
CVE-2016-5985 IBM CVE debrief
CVE-2016-5985 is a high-severity buffer overflow in the IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client when Journal-Based Backup is enabled. According to the CVE record, a local attacker could overflow a buffer and potentially execute arbitrary code or crash the system.
- Vendor: IBM
- Product: CVE-2016-5985
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-01
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-01
- Advisory updated: 2026-05-13
Who should care
IBM Spectrum Protect / Tivoli Storage Manager administrators, especially those running the AIX client with Journal-Based Backup enabled. Security teams responsible for local privilege control and patching on affected backup hosts should also prioritize this issue.
Technical summary
NVD identifies this issue as CWE-119 (buffer overflow) with CVSS 3.0 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerable surface is the IBM Tivoli Storage Manager AIX client when Journal-Based Backup is enabled. NVD lists affected Tivoli Storage Manager release lines and references an IBM PSIRT advisory for remediation guidance.
Defensive priority
High. The attack is local and requires limited privileges, but successful exploitation could lead to full compromise of the affected client process or a system crash.
Recommended defensive actions
- Identify IBM Tivoli Storage Manager / Spectrum Protect AIX clients in your environment and confirm whether Journal-Based Backup is enabled.
- Apply the IBM fix or upgrade referenced in the vendor advisory linked from NVD for any affected deployment.
- Restrict local access on backup hosts to trusted administrative users only, since the attack vector is local and requires limited privileges.
- Review logs and host stability for unexplained crashes or abnormal behavior on affected AIX clients.
- Validate current installed versions against the affected version ranges listed in NVD before and after remediation.
Evidence notes
This debrief is based on the CVE/NVD record and the IBM advisory reference cited by NVD. The record states that the IBM Tivoli Storage Manager AIX client is vulnerable when Journal-Based Backup is enabled, and that a local attacker may cause arbitrary code execution or a crash. NVD also supplies the CVSS 3.0 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H and CWE-119.
Official resources
- CVE-2016-5985 CVE record (CVE.org)
- CVE-2016-5985 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Patch, Vendor Advisory
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
Publicly listed in CVE/NVD on 2017-02-01. NVD cites an IBM PSIRT advisory and a SecurityFocus entry as references.