IBM Security Bulletin: Buffer Overflow from improperly formatted SELECT command in IBM Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-8998)

An improperly formatted SELECT command to an IBM Tivoli Storage Manager (IBM Spectrum Protect) Server can cause a buffer overflow that could allow an attacker to execute arbitrary code on the server.

CVE(s): CVE-2016-8998

Affected product(s) and affected version(s):

This vulnerability affects the following IBM Tivoli Storage Manager (IBM Spectrum Protect) Server levels:

Note that this vulnerability has been fixed in 8.1.0.0.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2mgEgQH
X-Force Database: http://ift.tt/2kQqcAl

The post IBM Security Bulletin: Buffer Overflow from improperly formatted SELECT command in IBM Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-8998) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2mgnfX6