
EGI CSIRT:Alerts/tsm-2010-12-16

From EGIWiki
Revision as of 13:27, 16 December 2010 by Ocalladw (Created page)

DRAFT

** WHITE information - Unlimited distribution allowed                       ** 
** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **

EGI CSIRT ADVISORY [EGI-ADV-2010-12-16]

Title:       CRITICAL Root vulnerabilities in TSM clients [EGI-ADV-20101216] TLP:WHITE
Date:        2010-12-16

URL:         https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/tsm-2010-12-16


Introduction
============


<Describe the reason for the issuing of this advisory - paragraph 3-5 sentences > 

< A vulnerability has been found in <xxx> software which is part of the <yyy> distribution.> 

<this could include - e.g. updated as patch available> 

<include cve- number if one has been issued> 

<include EGI RT number for SVG/UMD issues>




Details
=======



<describe the problem, something about why it occurs, and the effect on sites>


<take care not to release anything useful to an attacker, unless it is already public, 
especially if you are sending it in WHITE>

<this should not be long>



Risk Category
=============

This issue has been assessed as CRITICAL by the EGI CSIRT for sites that are using this software,
and as high risk for the EGI infrastructure as a whole.


Affected Software
=================

IBM Tivoli Storage Manager (TSM). RedHat packages are named TIVsm-*.

For each release, the vendor has provided the version numbers for vulnerable and fixed patch levels.

Release    Vulnerable versions        Fixed version
TSM 6.2    6.2.0.0 through 6.2.1.1    6.2.2
TSM 6.1    6.1.0.0 through 6.1.3.4    6.1.4
TSM 5.5    5.5.0.0 through 5.5.2.12   5.5.3
TSM 5.4    5.4.0.0 through 5.4.3.3    5.4.3.4
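
As an added example (not part of the advisory), the following script encodes the table above and classifies installed TIVsm-* client levels as vulnerable, fixed, or unlisted. The sample rpm output is constructed, and it assumes the RPM VERSION field carries the vendor's dotted patch level.

```python
"""Check installed IBM TSM client levels against the affected-versions table
in EGI-ADV-2010-12-16.  Added example; not part of the advisory."""

def parse_level(level):
    """'6.2.1.1' -> (6, 2, 1, 1); shorter levels such as '6.2.2' are
    zero-padded to four components so tuple comparison works."""
    parts = [int(p) for p in level.strip().split(".")]
    if not 2 <= len(parts) <= 4:
        raise ValueError("unexpected TSM level: %r" % level)
    return tuple(parts + [0] * (4 - len(parts)))

# (first vulnerable, last vulnerable, first fixed) per release, as in the table.
AFFECTED = [tuple(parse_level(x) for x in row) for row in (
    ("6.2.0.0", "6.2.1.1", "6.2.2"),
    ("6.1.0.0", "6.1.3.4", "6.1.4"),
    ("5.5.0.0", "5.5.2.12", "5.5.3"),
    ("5.4.0.0", "5.4.3.3", "5.4.3.4"),
)]

def assess(level):
    """Return 'vulnerable', 'fixed' or 'unlisted' for an installed level.
    Levels above the last vulnerable but below the fix are reported as
    'unlisted' rather than assumed safe."""
    v = parse_level(level)
    for first, last, fixed in AFFECTED:
        if v[:2] != first[:2]:
            continue                      # different release branch
        if first <= v <= last:
            return "vulnerable"
        return "fixed" if v >= fixed else "unlisted"
    return "unlisted"

# Constructed sample of `rpm -q --qf '%{NAME} %{VERSION}\n' 'TIVsm-*'`.
# Assumption: the RPM VERSION field carries the vendor's dotted patch level.
SAMPLE_RPM_OUTPUT = """\
TIVsm-API 6.2.1.1
TIVsm-BA 6.2.1.1
TIVsm-BA 5.5.3.0
"""

def report(rpm_output):
    """Map 'NAME-LEVEL' to its assessment for each non-empty line."""
    result = {}
    for line in rpm_output.splitlines():
        if line.strip():
            name, level = line.split()
            result["%s-%s" % (name, level)] = assess(level)
    return result
```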

Mitigation
==========

The only known mitigation is to install the patched software available from IBM.

The remote access vulnerability


Component Installation information
==================================

Fixes are available from IBM, linked from the Alert at
http://www-01.ibm.com/support/docview.wss?uid=swg21454745&myns=swgtiv&mynp=OCSSGSG7&mync=E

Recommendations
===============

<as appropriate e.g.>

<Immediately apply the mitigation described above to all user-accessible systems.>

<Immediately apply vendor kernel updates when they become available.>

<List vendors who have already announced patches>

<Apply new version in EGI UMD>

<Sites are recommended to update relevant components.>


<(For critical) All running resources MUST be either patched or otherwise have a
work-around in place by yyyy-mm-dd T21:00+01:00.>

<7 calendar days - but if the date falls on a Friday, weekend, or common public holiday, 
make it the first working day after people are expected back>


Credit
======

This vulnerability was reported by IBM and Kryptos Logic.


References
==========

IBM Alert:

http://www-01.ibm.com/support/docview.wss?uid=swg21454745&myns=swgtiv&mynp=OCSSGSG7&mync=E


Timeline
========
2010-12-16

2010-12-14 IBM alert published
2010-12-15 EGI CSIRT / RAT /SVG notified
2010-12-16 EGI advisory published




On behalf of the EGI CSIRT and SVG