Difference between revisions of "EGI CSIRT:Alerts/tsm-2010-12-16"
Edit summary of the earlier revision: Created page with '''DRAFT''' <pre> ** WHITE information - Unlimited distribution allowed ** ** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **…

Changes between the two revisions (context line, then old text and new text of each changed passage):

Context: EGI CSIRT ADVISORY [EGI-ADV-2010-12-16]
- Title, old: "Title: CRITICAL"
- Title, new: "Title: CRITICAL root vulnerabilities in Tivoli Storage Manager (TSM) client software [EGI-ADV-20101216] TLP:WHITE"
- Date (unchanged): 2010-12-16

Introduction, added in the new revision:
"Multiple vulnerabilities have been found in IBM Tivoli Storage Manager (TSM) client software. This is CRITICAL for sites running the software, and moderate risk for the EGI infrastructure as a whole. A patch is available from the vendor (see link below)."

Details, added in the new revision:
"One of the vulnerabilities would allow unauthorized users with network access to execute commands. The commands could, for example, allow the attacker to read, copy, alter, or delete files on the client machine. The other vulnerabilities would allow a local user to read, copy, alter, or delete files, or to replace system files on the client with arbitrary content."

Risk Category:
- old: "This issue has been assessed as CRITICAL by the EGI CSIRT for sites who are using this software, but it is"
- new: "This issue has been assessed as CRITICAL by the EGI CSIRT for sites who are using this software, but it is moderate risk for the EGI infrastructure as a whole."

Mitigation (unchanged): "The only known mitigation is to install the patched software available from IBM."

Recommendations, added in the new revision:
"Sites running IBM Tivoli Storage Manager should check if they are running a vulnerable version. These sites should immediately apply the vendor patches. All running resources MUST be either patched or otherwise have a work-around in place by 2010-12-23 T21:00+01:00."
Revision as of 13:38, 16 December 2010
DRAFT
** WHITE information - Unlimited distribution allowed **
** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **

EGI CSIRT ADVISORY [EGI-ADV-2010-12-16]

Title: CRITICAL root vulnerabilities in Tivoli Storage Manager (TSM) client software [EGI-ADV-20101216] TLP:WHITE
Date: 2010-12-16
URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/tsm-2010-12-16

Introduction
============
Multiple vulnerabilities have been found in IBM Tivoli Storage Manager (TSM) client software.
This is CRITICAL for sites running the software, and moderate risk for the EGI infrastructure as a whole.
A patch is available from the vendor (see link below).

Details
=======
One of the vulnerabilities would allow unauthorized users with network access to execute commands.
The commands could, for example, allow the attacker to read, copy, alter, or delete files on the client machine.
The other vulnerabilities would allow a local user to read, copy, alter, or delete files, or to
replace system files on the client with arbitrary content.

Risk Category
=============
This issue has been assessed as CRITICAL by the EGI CSIRT for sites that are using this software,
but it is moderate risk for the EGI infrastructure as a whole.

Affected Software
=================
IBM Tivoli Storage Manager (TSM). RedHat packages are named TIVsm-*.
For each release, the vendor has provided the version numbers for vulnerable and fixed patch levels.

Release   Vulnerable versions        Fixed version
TSM 6.2   6.2.0.0 through 6.2.1.1    6.2.2
TSM 6.1   6.1.0.0 through 6.1.3.4    6.1.4
TSM 5.5   5.5.0.0 through 5.5.2.12   5.5.3
TSM 5.4   5.4.0.0 through 5.4.3.3    5.4.3.4

Mitigation
==========
The only known mitigation is to install the patched software available from IBM.

Component Installation information
==================================
Fixes are available from IBM, linked from the Alert at
http://www-01.ibm.com/support/docview.wss?uid=swg21454745&myns=swgtiv&mynp=OCSSGSG7&mync=E

Recommendations
===============
Sites running IBM Tivoli Storage Manager should check if they are running a vulnerable version.
These sites should immediately apply the vendor patches.
All running resources MUST be either patched or otherwise have a
work-around in place by 2010-12-23T21:00+01:00.

Credit
======
This vulnerability was reported by IBM and Kryptos Logic.

References
==========
IBM Alert: http://www-01.ibm.com/support/docview.wss?uid=swg21454745&myns=swgtiv&mynp=OCSSGSG7&mync=E

Timeline
========
2010-12-14 IBM alert published
2010-12-15 EGI CSIRT / RAT / SVG notified
2010-12-16 EGI advisory published

On behalf of the EGI CSIRT and SVG
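The following Python script is an added example of the version check the Recommendations section asks sites to perform; it is not part of the EGI CSIRT advisory or of any IBM tooling. It encodes the vendor's version table from the Affected Software section and classifies each TIVsm-* package found in the output of `rpm -qa 'TIVsm-*'` on a RedHat host. It assumes (a) that the RPM version field carries the TSM patch level in the same dotted form as the table, and (b) that `rpm -qa` prints the usual name-version-release[.arch] form; the sample package lines embedded below are constructed for illustration, not taken from a real host. Versions that fall between the highest listed vulnerable level and the fixed level are reported as "unknown" rather than silently treated as fixed, and release lines the advisory does not mention are reported as "not-listed".

```python
import re

# Version table as published in EGI-ADV-2010-12-16 (vendor-supplied ranges):
# (release line, lowest vulnerable, highest vulnerable, fixed version)
ADVISORY_TABLE = [
    ("TSM 6.2", "6.2.0.0", "6.2.1.1", "6.2.2"),
    ("TSM 6.1", "6.1.0.0", "6.1.3.4", "6.1.4"),
    ("TSM 5.5", "5.5.0.0", "5.5.2.12", "5.5.3"),
    ("TSM 5.4", "5.4.0.0", "5.4.3.3", "5.4.3.4"),
]

# Assumed rpm -qa line shape: name-version-release[.arch]; the release field
# carries no hyphen, so the lazy name group stops at the version.
RPM_LINE = re.compile(r"^(TIVsm-\S+?)-(\d+(?:\.\d+)*)-([^-\s]+)$")


def parse_version(text):
    """Turn '6.1.3.4' into a comparable tuple of ints, padded to 4 fields
    so that '6.2.2' compares as 6.2.2.0."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (4 - len(parts))


def classify(version):
    """Classify one TSM client version against the advisory table.
    Returns (status, release line, fixed version) with status one of
    'vulnerable', 'fixed', 'unknown' (between listed ranges) or 'not-listed'."""
    v = parse_version(version)
    for release, low, high, fixed in ADVISORY_TABLE:
        low_t, high_t, fixed_t = map(parse_version, (low, high, fixed))
        if v[:2] != low_t[:2]:
            continue  # different major.minor release line
        if low_t <= v <= high_t:
            return ("vulnerable", release, fixed)
        if v >= fixed_t:
            return ("fixed", release, fixed)
        # Above the highest listed vulnerable level but below the fix:
        # the advisory says nothing about it, so do not assume it is safe.
        return ("unknown", release, fixed)
    return ("not-listed", None, None)


def audit_rpm_list(lines):
    """Classify every TIVsm-* package in rpm -qa output.
    Returns a list of (package name, version, status, fixed version)."""
    results = []
    for line in lines:
        match = RPM_LINE.match(line.strip())
        if not match:
            continue  # not a TSM client package line
        name, version, _release = match.groups()
        status, _release_line, fixed = classify(version)
        results.append((name, version, status, fixed))
    return results


def needs_action(results):
    """Everything that is not positively at or above the fixed level."""
    return [r for r in results if r[2] != "fixed"]


# Constructed sample of `rpm -qa 'TIVsm-*'` output (not from a real host).
SAMPLE_RPM_QA = """\
TIVsm-API-5.5.2.12-1.x86_64
TIVsm-BA-6.1.3.4-1.x86_64
TIVsm-BA-6.2.2.0-1.i386
TIVsm-BA-5.4.3.4-1.i386
TIVsm-BA-6.2.1.2-1.x86_64
TIVsm-API64-6.3.0.0-1.x86_64
"""

if __name__ == "__main__":
    # On a real host replace SAMPLE_RPM_QA with the captured rpm -qa output.
    report = audit_rpm_list(SAMPLE_RPM_QA.splitlines())
    for name, version, status, fixed in report:
        hint = f" (fixed in {fixed})" if fixed and status != "fixed" else ""
        print(f"{name:<14} {version:<10} {status}{hint}")
    print(f"{len(needs_action(report))} package(s) need attention")
```

Packages reported as "unknown" or "not-listed" should be checked against the IBM alert linked above rather than assumed patched; the script deliberately counts them alongside the vulnerable ones in `needs_action`.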