I signed up for a subscription for notices related to TSM. The trailer
information on the privilege escalation bulletin advises using the URL:
https://www.ibm.com/support/mynotifications
to subscribe or unsubscribe.
-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Zoltan Forray
Sent: Wednesday, February 25, 2015 3:01 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: [ADSM-L] Privilege escalation bug
Where are you getting the bulletins/alerts from? I wouldn't have know about it
if it wasn't for your posting. I have passed this on to my folks
- we too have old clients going back to 5.3 and older (IRIX?)
On Wed, Feb 25, 2015 at 12:55 PM, Thomas Denier <Thomas.Denier AT jefferson DOT
edu
> wrote:
> The body of the bulletin I received states that the affected platforms
> are AIX, HP-UX, Linux, Solaris, and Mac.
>
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf
> Of Zoltan Forray
> Sent: Wednesday, February 25, 2015 12:12 PM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: Re: [ADSM-L] Privilege escalation bug
>
> Does not specifically say if it includes SOLARIS (only says "*UNIX,
> Linux, and OS X allows local users to gain privileges via unspecified
> vectors.*").
> Do I assume since it says "UNIX" SOLARIS is includes? We have some
> old Domino Solaris boxes (supposed to go away some time soon....)
> still running 6.1.3....
>
>
>
> On Wed, Feb 25, 2015 at 10:56 AM, Thomas Denier <
> Thomas.Denier AT jefferson DOT edu
> > wrote:
>
> > I received a security bulletin from IBM yesterday regarding "Tivoli
> > Storage Manager Stack-based Buffer Overflow Elevation of Privilege:
> > CVE-2014-6184". The affected version/release combinations listed in
> > the bulletin run from 5.4 to 6.3. We still have one Linux system
> > with
> > 5.3 client code. Can I treat the list of affected releases as an
> > explicit assurance that the 5.3 client does not have the
> > vulnerability discussed in the bulletin? The alternative possibility
> > that worries me is that 5.4 is the oldest level IBM thought it worthwhile
> > to check.
> >
> > Thomas Denier
> > Thomas Jefferson University
> > The information contained in this transmission contains privileged
> > and confidential information. It is intended only for the use of the
> > person named above. If you are not the intended recipient, you are
> > hereby notified that any review, dissemination, distribution or
> > duplication of this communication is strictly prohibited. If you are
> > not the intended recipient, please contact the sender by reply email
> > and destroy all copies of the original message.
> >
> > CAUTION: Intended recipients should NOT use email communication for
> > emergent or urgent health care matters.
> >
>
>
>
> --
> *Zoltan Forray*
> TSM Software & Hardware Administrator
> Hobbit / Xymon Administrator
> Virginia Commonwealth University
> UCC/Office of Technology Services
> zforray AT vcu DOT edu - 804-828-4807
> Don't be a phishing victim - VCU and other reputable organizations
> will never use email to request that you reply with your password,
> social security number or confidential personal information. For more
> details visit http://infosecurity.vcu.edu/phishing.html
> The information contained in this transmission contains privileged and
> confidential information. It is intended only for the use of the
> person named above. If you are not the intended recipient, you are
> hereby notified that any review, dissemination, distribution or
> duplication of this communication is strictly prohibited. If you are
> not the intended recipient, please contact the sender by reply email
> and destroy all copies of the original message.
>
> CAUTION: Intended recipients should NOT use email communication for
> emergent or urgent health care matters.
>
>
--
*Zoltan Forray*
TSM Software & Hardware Administrator
Hobbit / Xymon Administrator
Virginia Commonwealth University
UCC/Office of Technology Services
zforray AT vcu DOT edu - 804-828-4807
Don't be a phishing victim - VCU and other reputable organizations will never
use email to request that you reply with your password, social security number
or confidential personal information. For more details visit
http://infosecurity.vcu.edu/phishing.html
The information contained in this transmission contains privileged and
confidential information. It is intended only for the use of the person named
above. If you are not the intended recipient, you are hereby notified that any
review, dissemination, distribution or duplication of this communication is
strictly prohibited. If you are not the intended recipient, please contact the
sender by reply email and destroy all copies of the original message.
CAUTION: Intended recipients should NOT use email communication for emergent or
urgent health care matters.
|