ADSM-L

Re: For those Security conscious people running AIX

2002-04-05 11:43:30
Subject: Re: For those Security conscious people running AIX
From: Lisa Cabanas <CABANL AT MODOT DOT NET>
Date: Fri, 5 Apr 2002 10:57:01 -0600
--duuuhh-- Thanks Justin, I missed that point-- "The tsm family of commands
(tsm,getty,login)".  Anyone have any idea of what tsm means (you know, the
obscure reason it was named tsm-- like AIX means Advanced Interactive
eXecutive?)

lisa



Justin Derrick <jderrick@CANADA.COM>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM DOT MARIST.EDU>
04/04/2002 07:23 PM
Please respond to "ADSM: Dist Stor Manager"

To: ADSM-L AT VM.MARIST DOT EDU
cc:
Subject: Re: For those Security conscious people running AIX






Just to re-iterate...

>I wonder.....do you need to replace the tsm executable in /usr/sbin after
>you update TSM server code??????

No.  The 'tsm' in /usr/sbin has nothing to do with Tivoli Storage Manager.
I have absolutely *no* idea why IBM just didn't call it 'login', since that's
what it's linked to.  =)

-JD.
>
>Gabriel Wiley <wileyg AT US DOT IBM.COM>
>Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM DOT MARIST.EDU>
>04/04/2002 08:19 AM
>Please respond to "ADSM: Dist Stor Manager"
>
>To: ADSM-L AT VM.MARIST DOT EDU
>cc:
>Subject: Re: For those Security conscious people running AIX
>
>Lisa,
>
>I just upgraded another server to ML9 + yesterday..
>
>I ordered the CD(s) in Feb. when they arrived it did not have the fileset.
>(CD was ML9 as of 02/06/02)
>
>It is an add on if you wish to call it that..
>
>Gabriel C. Wiley
>ADSM/TSM Administrator
>AIX Support
>Phone 1-614-308-6709
>Pager  1-877-489-2867
>Fax      1-614-308-6637
>Cell       1-740-972-6441
>
>Siempre Hay Esperanza
>
>
>
>
>Lisa Cabanas <CABANL AT MODOT DOT NET>
>Sent by: "ADSM: Dist Stor Manager"
>04/03/2002 09:07 AM
>Please respond to "ADSM: Dist Stor Manager"
>
>To: ADSM-L AT VM.MARIST DOT EDU
>cc:
>Subject: Re: For those Security conscious people running AIX
>
>I think what Justin said about having to do extra steps is right (needing
>additional filesets, specifically)-- I am at ML9, but when I look at the
>levels of the filesets, they are still below what is indicated as being
>unaffected, and the instfix doesn't show that APAR.
>
>bummer.
>
>lisa
>
>
>
>Gabriel Wiley <wileyg AT US DOT IBM.COM>
>Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM DOT MARIST.EDU>
>04/02/2002 04:13 PM
>Please respond to "ADSM: Dist Stor Manager"
>
>To: ADSM-L AT VM.MARIST DOT EDU
>cc:
>Subject: Re: For those Security conscious people running AIX
>
>I can't tell you if it was fixed in ML8 we went from ML3 to ML9 overnight
>(or a very long weekend) ..
>
>The security people waved it in my face the other day and said get it
>fixed.
>
>Since we are at ML9 + there was no need , it was already there.
>
>If you go to the software website it says you need to install 388 or so
>filesets to be legit.. (Wrong not in this env.)
>
>There have been buffer overflow issues in every version of AIX so far..
>
>Problem Summary
>
>                   The tsm family of commands (tsm,getty,login) does not
>                   properly validate the port name entered on the command
>                   line.
>                   This can allow unprivileged users to become root.
>
>
>Gabriel C. Wiley
>ADSM/TSM Administrator
>AIX Support
>Phone 1-614-308-6709
>Pager  1-877-489-2867
>Fax      1-614-308-6637
>Cell       1-740-972-6441
>
>Siempre Hay Esperanza
>
>
>
>Justin Derrick <jderrick@CANADA.COM>
>Sent by: "ADSM: Dist Stor Manager"
>04/02/2002 03:16 PM
>Please respond to "ADSM: Dist Stor Manager"
>
>To: ADSM-L AT VM.MARIST DOT EDU
>cc:
>Subject: Re: For those Security conscious people running AIX
>
>I think I had to install this separately at a client site because it
>required a few steps in order to take proper effect...  But to be
>absolutely clear, this isn't Tivoli Storage Manager related.  For some
>reason, the 'login' program on AIX is a link (an alias, if you will) to
>the 'tsm' program, which, again, has nothing to do with Tivoli Storage
>Manager.
>
>-JD.
>
>>Isn't/Wasn't this taken care of in ML8?
>>
>>
>>
>>Gabriel Wiley <wileyg AT US DOT IBM.COM>
>>Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM DOT MARIST.EDU>
>>04/02/2002 12:14 PM
>>Please respond to "ADSM: Dist Stor Manager"
>>
>>To: ADSM-L AT VM.MARIST DOT EDU
>>cc:
>>Subject: For those Security conscious people running AIX
>>
>>If you are not aware .. FYI ****
>>
>>SECURITY: MULTIPLE BUFFER OVERFLOW VULNERABILITIES IN TSMLOGIN
>>
>>Created:                      01/04/2002 at 03:22 PM
>>Published Date:               01/04/2002
>>OS or Applications Affected:  AIX
>>Versions Affected:            4.3
>>Severity:                     Medium
>>APAR/Patch ID:                IY26443
>>Workaround Available?:        No
>>
>>Run this command to see if you have it ;
>>
>>instfix -ik IY26443
>>
>>      or
>>
>>instfix -ick IY26443
>>
>>Keyword:Fileset:ReqLevel:InstLevel:Status:Abstract
>>Y26443:bos.rte.security:4.3.3.79:4.3.3.79:=:SECURITY: Multiple buffer
>>overflow vulnerabilities in tsmlogin
>>
>>
>>Gabriel C. Wiley
>>ADSM/TSM Administrator
>>AIX Support
>>Phone 1-614-308-6709
>>Pager  1-877-489-2867
>>Fax      1-614-308-6637
>>Cell       1-740-972-6441
>>
>>Siempre Hay Esperanza
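
The fix-level check discussed in this thread (`instfix -ick IY26443`, then comparing the installed fileset level with the required one), as an added example that is not part of the original posts. The helper name `check_apar` and the sample rows are constructed for illustration, and treating a non-numeric InstLevel as "not installed" is an assumption.

```shell
#!/bin/sh
# Added example: interpret `instfix -ick <APAR>` output, whose columns are
# Keyword:Fileset:ReqLevel:InstLevel:Status:Abstract (header shown in the thread).

# check_apar APAR   (instfix -ick output on stdin; hypothetical helper name)
# Prints one verdict per fileset. Returns 0 if every fileset is at or above
# the required level, 1 if any is below or missing, 2 if the APAR is not listed.
check_apar() {
    awk -F: -v apar="$1" '
    # Compare dotted levels numerically: as strings "4.3.3.9" sorts after
    # "4.3.3.79", which would wrongly report a down-level fileset as fixed.
    function vcmp(a, b,    x, y, n, m, i, k) {
        n = split(a, x, "."); m = split(b, y, ".")
        k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            if ((x[i] + 0) < (y[i] + 0)) return -1
            if ((x[i] + 0) > (y[i] + 0)) return 1
        }
        return 0
    }
    # Only fields 1-4 are used: the abstract itself contains ":".
    $1 == apar {
        seen = 1
        # Assumption: a non-numeric InstLevel means the fileset is absent.
        present = ($4 ~ /^[0-9]+(\.[0-9]+)*$/)
        ok = (present && vcmp($4, $3) >= 0)
        if (!ok) bad = 1
        printf "%s %s required=%s installed=%s\n",
            (ok ? "OK" : "DOWNLEVEL"), $2, $3, (present ? $4 : "none")
    }
    END { if (!seen) exit 2; exit (bad ? 1 : 0) }
    '
}

# Constructed sample rows (not captured from a real host).
HDR='Keyword:Fileset:ReqLevel:InstLevel:Status:Abstract'
ABS='SECURITY: Multiple buffer overflow vulnerabilities in tsmlogin'
SAMPLE_FIXED="$HDR
IY26443:bos.rte.security:4.3.3.79:4.3.3.79:=:$ABS"
SAMPLE_DOWN="$HDR
IY26443:bos.rte.security:4.3.3.79:4.3.3.9:-:$ABS"

# On AIX, check the live system; elsewhere, show the down-level sample.
if command -v instfix >/dev/null 2>&1; then
    instfix -ick IY26443 2>/dev/null | check_apar IY26443
else
    printf '%s\n' "$SAMPLE_DOWN" | check_apar IY26443 || true
fi
```

A return code of 2 matches the case described in the thread where the maintenance level is installed but instfix does not show the APAR at all, so the fileset has to be added separately.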