Re: For those Security conscious people running AIX
2002-04-05 12:14:24
Subject: |
Re: For those Security conscious people running AIX |
From: |
Justin Derrick <jderrick AT CANADA DOT COM> |
Date: |
Fri, 5 Apr 2002 12:14:16 -0500 |
I'm guessing here...
To
Sabotage
Mailinglists.
-JD.
>--duuuhh-- Thanks Justin, I missed that point-- "The tsm family of commands
>--duuuhh-- Thanks Justin, I missed that point-- "The tsm family of commands
>(tsm,getty,login)". Anyone have any idea of what tsm means (you know, the
>obscure reason it was named tsm-- like AIX means Advanced Interactive
>eXecutive?)
>
>lisa
>
>
>
> Justin Derrick
> <jderrick@CANA To: ADSM-L AT VM.MARIST DOT EDU
> DA.COM> cc:
> Sent by: Subject: Re: For those
>Security conscious people running AIX
> "ADSM: Dist
> Stor Manager"
> <ADSM-L AT VM DOT MAR
> IST.EDU>
>
>
> 04/04/2002
> 07:23 PM
> Please respond
> to "ADSM: Dist
> Stor Manager"
>
>
>
>
>
>
>Just to re-iterate...
>
>>I wonder.....do you need to replace the tsm executable in /usr/sbin after
>>you update TSM server code??????
>
>No. The 'tsm' in /usr/sbin has nothing to do with Tivoli Storage Manager.
>I have absolutely *no* idea why IBM just didn't call it 'login', since that
>what it's linked to. =)
>
>-JD.
>
>
>
>
>
>
>> Gabriel Wiley
>> <wileyg AT US DOT IBM To: ADSM-L AT VM.MARIST
>> DOT EDU
>> .COM> cc:
>> Sent by: Subject: Re: For those
>>Security conscious people running AIX
>> "ADSM: Dist
>> Stor Manager"
>> <ADSM-L AT VM DOT MAR
>> IST.EDU>
>>
>>
>> 04/04/2002
>> 08:19 AM
>> Please respond
>> to "ADSM: Dist
>> Stor Manager"
>>
>>
>>
>>
>>
>>
>>Lisa,
>>
>>I just upgraded another server to ML9 + yesterday..
>>
>>I ordered the CD(s) in Feb. when they arrived it did not have the fileset.
>>(CD was ML9 as of 02/06/02)
>>
>>It is an add on if you wish to call it that..
>>
>>Gabriel C. Wiley
>>ADSM/TSM Administrator
>>AIX Support
>>Phone 1-614-308-6709
>>Pager 1-877-489-2867
>>Fax 1-614-308-6637
>>Cell 1-740-972-6441
>>
>>Siempre Hay Esperanza
>>
>>
>>
>>
>> Lisa Cabanas
>> <CABANL AT MODOT DOT NET To:
>>ADSM-L AT VM.MARIST DOT EDU
>> > cc:
>> Sent by: "ADSM: Subject: Re: For those
>>Security conscious people running AIX
>> Dist Stor
>> Manager"
>> <[email protected]
>> .EDU>
>>
>>
>> 04/03/2002 09:07
>> AM
>> Please respond to
>> "ADSM: Dist Stor
>> Manager"
>>
>>
>>
>>
>>
>>I think what Justin said about having to do extra steps is right (needing
>>additional filesets, specifically)-- I am at ML9, but when I look at the
>>levels of the filesets, they are still below what is indicated as being
>>unaffected, and the instfix doesn't show that APAR.
>>
>>bummer.
>>
>>lisa
>>
>>
>>
>> Gabriel Wiley
>> <wileyg AT US DOT IBM To: ADSM-L AT VM.MARIST
>> DOT EDU
>> .COM> cc:
>> Sent by: Subject: Re: For those
>>Security conscious people running AIX
>> "ADSM: Dist
>> Stor Manager"
>> <ADSM-L AT VM DOT MAR
>> IST.EDU>
>>
>>
>> 04/02/2002
>> 04:13 PM
>> Please respond
>> to "ADSM: Dist
>> Stor Manager"
>>
>>
>>
>>
>>
>>
>>I can't tell you if it was fixed in ML8 we went from ML3 to ML9 overnight
>>(or a very long weekend) ..
>>
>>The security people, waived it in my face the other day and said get it
>>fixed.
>>
>>Since we are at ML9 + there was no need , it was already there.
>>
>>If you go to the software website it says you need to install 388 or so
>>filesets to be legit.. (Wrong not in this env.)
>>
>>There have been buffer overflow issues in every version of AIX so far..
>>
>>Problem Summar y
>>
>> The tsm family of commands (tsm,getty,login) does not
>> properly validate the port name entered on the command
>>line.
>> This can allow unpriviledged users to become root.
>>
>>
>>Gabriel C. Wiley
>>ADSM/TSM Administrator
>>AIX Support
>>Phone 1-614-308-6709
>>Pager 1-877-489-2867
>>Fax 1-614-308-6637
>>Cell 1-740-972-6441
>>
>>Siempre Hay Esperanza
>>
>>
>>
>>|---------+---------------------------->
>>| | Justin Derrick |
>>| | <jderrick@CANADA.|
>>| | COM> |
>>| | Sent by: "ADSM: |
>>| | Dist Stor |
>>| | Manager" |
>>| | <[email protected]|
>>| | .EDU> |
>>| | |
>>| | |
>>| | 04/02/2002 03:16 |
>>| | PM |
>>| | Please respond to|
>>| | "ADSM: Dist Stor |
>>| | Manager" |
>>| | |
>>|---------+---------------------------->
>> >
>>
>-------------------------------------------------------------------------------
>
>>-----------------------------------------------|
>>
>>
>>
>> |
>>|
>> | To: ADSM-L AT VM.MARIST DOT EDU
>>|
>> | cc:
>>|
>> | Subject: Re: For those Security conscious people running AIX
>>|
>> |
>>|
>> |
>>|
>> >
>>
>-------------------------------------------------------------------------------
>
>>-----------------------------------------------|
>>
>>
>>
>>
>>
>>
>>I think I had to install this separately at a client site because it
>>required a few steps in order to take proper effect... But to be
>>absolutely clear, this isn't Tivoli Storage Manager related. For some
>>reason, the 'login' program on AIX is a link (an alias, if you will) to
>the
>>'tsm' program, which, again, has nothing to do with Tivoli Storage
>Manager.
>>
>>-JD.
>>
>>>Isn't/Wasn't this taken care of in ML8?
>>>
>>>
>>>
>>> Gabriel Wiley
>>> <wileyg AT US DOT IBM To: ADSM-L AT VM.MARIST
>>> DOT EDU
>>> .COM> cc:
>>> Sent by: Subject: For those Security
>>>conscious people running AIX
>>> "ADSM: Dist
>>> Stor Manager"
>>> <ADSM-L AT VM DOT MAR
>>> IST.EDU>
>>>
>>>
>>> 04/02/2002
>>> 12:14 PM
>>> Please respond
>>> to "ADSM: Dist
>>> Stor Manager"
>>>
>>>
>>>
>>>
>>>
>>>
>>>If you are not aware .. FYI ****
>>>
>>>SECURITY: MULTIPLE BUFFER OVERFLOW VULNERABILITIES IN TSMLOGIN
>>>
>>>Created: 01/04/2002 at 03:22 PM
>>>
>>>
>>> Published Date: 01/04/2002
>>>
>>>
>>>
>>>
>>>
>>>
>>> OS or Applications Affected: AIX
>>>
>>> Versions Affected: 4.3
>>>
>>>
>>>
>>>
>>>
>>> Severity: Medium
>>>
>>>
>>>
>>>
>>>
>>> APAR/Patch ID: IY26443
>>>
>>> Workaround Available?: No
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>Run this command to see if you have it ;
>>>
>>>instfix -ik IY26443
>>>
>>> or
>>>
>>>instfix -ick IY26443
>>>
>>>Keyword:Fileset:ReqLevel:InstLevel:Status:Abstract
>>>Y26443:bos.rte.security:4.3.3.79:4.3.3.79:=:SECURITY: Multiple buffer
>>>overflow vulnerabilities in tsmlogin
>>>
>>>
>>>Gabriel C. Wiley
>>>ADSM/TSM Administrator
>>>AIX Support
>>>Phone 1-614-308-6709
>>>Pager 1-877-489-2867
>>>Fax 1-614-308-6637
>>>Cell 1-740-972-6441
>>>
>>>Siempre Hay Esperanza
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: For those Security conscious people running AIX, (continued)
- Re: For those Security conscious people running AIX, Lisa Cabanas
- Re: For those Security conscious people running AIX, Jolley, Bill
- Re: For those Security conscious people running AIX, David Longo
- Re: For those Security conscious people running AIX, Gabriel Wiley
- Re: For those Security conscious people running AIX, Lisa Cabanas
- Re: For those Security conscious people running AIX, Gabriel Wiley
- Re: For those Security conscious people running AIX, Lisa Cabanas
- Re: For those Security conscious people running AIX, Lisa Cabanas
- Re: For those Security conscious people running AIX,
Justin Derrick <=
- Re: For those Security conscious people running AIX, Bill Mansfield
- Re: For those Security conscious people running AIX, David Longo
- Re: For those Security conscious people running AIX, Lisa Cabanas
|
|
|