
EGI CSIRT:Alerts/tsm-2010-12-16

From EGIWiki
Revision as of 12:38, 16 December 2010 by Ocalladw (talk | contribs)

DRAFT

** WHITE information - Unlimited distribution allowed                       ** 
** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **

EGI CSIRT ADVISORY [EGI-ADV-2010-12-16]

Title:       CRITICAL root vulnerabilities in Tivoli Storage Manager (TSM) client software [EGI-ADV-20101216] TLP:WHITE
Date:        2010-12-16

URL:         https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/tsm-2010-12-16


Introduction
============

Multiple vulnerabilities have been found in IBM Tivoli Storage Manager (TSM) client software.
This is CRITICAL for sites running the software, and moderate risk for the EGI infrastructure as a whole.


A patch is available from the vendor (see link below).


Details
=======

One of the vulnerabilities would allow unauthorized users with network access to execute commands.
The commands could, for example, allow the attacker to read, copy, alter, or delete files on the client machine.

The other vulnerabilities would allow a local user to read, copy, alter, or delete files, or to 
replace system files on the client with arbitrary content.


Risk Category
=============

This issue has been assessed as CRITICAL by the EGI CSIRT for sites that are using this software,
but it is moderate risk for the EGI infrastructure as a whole.


Affected Software
=================

IBM Tivoli Storage Manager (TSM). RedHat packages are named TIVsm-*.

For each release, the vendor has provided the version numbers for vulnerable and fixed patch levels.

=========  =========================  =============
Release    Vulnerable versions        Fixed version
=========  =========================  =============
TSM 6.2    6.2.0.0 through 6.2.1.1    6.2.2
TSM 6.1    6.1.0.0 through 6.1.3.4    6.1.4
TSM 5.5    5.5.0.0 through 5.5.2.12   5.5.3
TSM 5.4    5.4.0.0 through 5.4.3.3    5.4.3.4
=========  =========================  =============

Mitigation
==========

The only known mitigation is to install the patched software available from IBM.


Component Installation information
==================================

Fixes are available from IBM, linked from the Alert at
http://www-01.ibm.com/support/docview.wss?uid=swg21454745&myns=swgtiv&mynp=OCSSGSG7&mync=E

Recommendations
===============

Sites running IBM Tivoli Storage Manager should check if they are running a vulnerable version.

These sites should immediately apply the vendor patches.

All running resources MUST be either patched or otherwise have a
work-around in place by 2010-12-23T21:00+01:00.


Credit
======

This vulnerability was reported by IBM and Kryptos Logic.


References
==========

IBM Alert:

http://www-01.ibm.com/support/docview.wss?uid=swg21454745&myns=swgtiv&mynp=OCSSGSG7&mync=E


Timeline
========

2010-12-14 IBM alert published
2010-12-15 EGI CSIRT / RAT / SVG notified
2010-12-16 EGI advisory published




On behalf of the EGI CSIRT and SVG