ADSM-L

Re: [ADSM-L] Privilege escalation bug

2015-02-25 15:14:44
Subject: Re: [ADSM-L] Privilege escalation bug
From: Thomas Denier <Thomas.Denier AT JEFFERSON DOT EDU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Wed, 25 Feb 2015 20:12:49 +0000
I signed up for a subscription for notices related to TSM. The trailer 
information on the privilege escalation bulletin advises using the URL:

https://www.ibm.com/support/mynotifications

to subscribe or unsubscribe.

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Zoltan Forray
Sent: Wednesday, February 25, 2015 3:01 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: [ADSM-L] Privilege escalation bug

Where are you getting the bulletins/alerts from?  I wouldn't have known about it 
if it wasn't for your posting.  I have passed this on to my folks
- we too have old clients going back to 5.3 and older (IRIX?)

On Wed, Feb 25, 2015 at 12:55 PM, Thomas Denier <Thomas.Denier AT jefferson DOT edu> wrote:

> The body of the bulletin I received states that the affected platforms
> are AIX, HP-UX, Linux, Solaris, and Mac.
>
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf
> Of Zoltan Forray
> Sent: Wednesday, February 25, 2015 12:12 PM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: Re: [ADSM-L] Privilege escalation bug
>
> Does not specifically say if it includes SOLARIS (only says "*UNIX,
> Linux, and OS X allows local users to gain privileges via unspecified 
> vectors.*").
> Do I assume since it says "UNIX" SOLARIS is included?  We have some
> old Domino Solaris boxes (supposed to go away some time soon....)
> still running 6.1.3....
>
>
>
> On Wed, Feb 25, 2015 at 10:56 AM, Thomas Denier <Thomas.Denier AT jefferson DOT edu> wrote:
>
> > I received a security bulletin from IBM yesterday regarding "Tivoli
> > Storage Manager Stack-based Buffer Overflow Elevation of Privilege:
> > CVE-2014-6184". The affected version/release combinations listed in
> > the bulletin run from 5.4 to 6.3. We still have one Linux system with
> > 5.3 client code. Can I treat the list of affected releases as an
> > explicit assurance that the 5.3 client does not have the
> > vulnerability discussed in the bulletin? The alternative possibility
> > that worries me is that 5.4 is the oldest level IBM thought it worthwhile 
> > to check.
> >
> > Thomas Denier
> > Thomas Jefferson University
> > The information contained in this transmission contains privileged
> > and confidential information. It is intended only for the use of the
> > person named above. If you are not the intended recipient, you are
> > hereby notified that any review, dissemination, distribution or
> > duplication of this communication is strictly prohibited. If you are
> > not the intended recipient, please contact the sender by reply email
> > and destroy all copies of the original message.
> >
> > CAUTION: Intended recipients should NOT use email communication for
> > emergent or urgent health care matters.
> >
>
>
>
> --
> *Zoltan Forray*
> TSM Software & Hardware Administrator
> Hobbit / Xymon Administrator
> Virginia Commonwealth University
> UCC/Office of Technology Services
> zforray AT vcu DOT edu - 804-828-4807
> Don't be a phishing victim - VCU and other reputable organizations
> will never use email to request that you reply with your password,
> social security number or confidential personal information. For more
> details visit http://infosecurity.vcu.edu/phishing.html
>
>


--
*Zoltan Forray*
TSM Software & Hardware Administrator
Hobbit / Xymon Administrator
Virginia Commonwealth University
UCC/Office of Technology Services
zforray AT vcu DOT edu - 804-828-4807