ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ADSM-L] Privilege escalation bug

2015-02-25 12:15:04
Subject: Re: [ADSM-L] Privilege escalation bug
From: Zoltan Forray <zforray AT VCU DOT EDU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Wed, 25 Feb 2015 12:11:39 -0500 
Does not specifically say if it includes SOLARIS (only says "*UNIX, Linux,
and OS X allows local users to gain privileges via unspecified vectors.*").
Do I assume since it says "UNIX" SOLARIS is includes?  We have some old
Domino Solaris boxes (supposed to go away some time soon....) still running
6.1.3....



On Wed, Feb 25, 2015 at 10:56 AM, Thomas Denier <Thomas.Denier AT jefferson DOT 
edu
> wrote:

> I received a security bulletin from IBM yesterday regarding "Tivoli
> Storage Manager Stack-based Buffer Overflow Elevation of Privilege:
> CVE-2014-6184". The affected version/release combinations listed in the
> bulletin run from 5.4 to 6.3. We still have one Linux system with 5.3
> client code. Can I treat the list of affected releases as an explicit
> assurance that the 5.3 client does not have the vulnerability discussed in
> the bulletin? The alternative possibility that worries me is that 5.4 is
> the oldest level IBM thought it worthwhile to check.
>
> Thomas Denier
> Thomas Jefferson University
> The information contained in this transmission contains privileged and
> confidential information. It is intended only for the use of the person
> named above. If you are not the intended recipient, you are hereby notified
> that any review, dissemination, distribution or duplication of this
> communication is strictly prohibited. If you are not the intended
> recipient, please contact the sender by reply email and destroy all copies
> of the original message.
>
> CAUTION: Intended recipients should NOT use email communication for
> emergent or urgent health care matters.
>



--
*Zoltan Forray*
TSM Software & Hardware Administrator
Hobbit / Xymon Administrator
Virginia Commonwealth University
UCC/Office of Technology Services
zforray AT vcu DOT edu - 804-828-4807
Don't be a phishing victim - VCU and other reputable organizations will
never use email to request that you reply with your password, social
security number or confidential personal information. For more details
visit http://infosecurity.vcu.edu/phishing.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ADSM-L] Privilege escalation bug, Thomas Denier
Next by Date:  Re: [ADSM-L] Privilege escalation bug, Skylar Thompson
Previous by Thread:  Re: [ADSM-L] Privilege escalation bug, Thomas Denier
Next by Thread:  Re: [ADSM-L] Privilege escalation bug, Skylar Thompson
Indexes:  [Date] [Thread] [Top] [All Lists]