TSM Client Vulnerability Notice

chad_small (ADSM.ORG Moderator, www.tsmadmin.com):
I saw this article about a possible exploit with the TSM CAD on client systems. I'd try to explain it, but it's best to check the article. It can leave systems open for execution of arbitrary code. Check it out here and here. This exploit goes back as far as the 5.1 client, so be aware of the issue even with older clients.

Affected Products:

IBM Tivoli Storage Manager Client version 5.1
IBM Tivoli Storage Manager Client version 5.2
IBM Tivoli Storage Manager Client version 5.3
IBM Tivoli Storage Manager Client version 5.4

Solution:

Apply client update package 5.4.1.2 (UK27738 and UK27739):
http://www.ibm.com/support/docview.wss?uid=swg24016585

Apply client update package 5.3.5.3 (UK29248 and UK29249):
http://www.ibm.com/support/docview.wss?uid=swg24016838

Apply client update packages 5.2.5.2 and 5.1.8.1:
http://www.ibm.com/support/docview.wss?uid=swg24016985
http://www.ibm.com/support/docview.wss?uid=swg24016586

Original Advisory:
http://www-1.ibm.com/support/docview.wss?uid=swg21268775
 
Very interesting issue...
Now the problem is to convince the client and manage an upgrade of all the clients to the newer version.
 
Client Acceptor Daemon (CAD)

Risks associated with the CAD vulnerability can be significantly reduced
by enabling and applying an explicit permit rule to the client's firewall/ACL
filter to only allow Client Acceptor Daemon (CAD) connections from known and trusted TSM server(s).

Patching should be performed, but for any high-risk clients I would enable host-based firewall/ACLs.

- Dan
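Dan's mitigation above in working form, as an added example that is not part of the original post or of IBM's documentation: a small POSIX shell script that emits iptables rules permitting inbound connections to the TSM client ports only from an explicit list of trusted TSM servers and dropping (and logging) everything else. The port numbers are assumptions taken from the client defaults (httpport 1581 for the CAD web port, tcpclientport 1501 for server-prompted scheduling) and must be checked against the client's dsm.sys/dsm.opt; the server addresses are constructed placeholders. The rules are printed rather than applied so they can be reviewed first.

```shell
#!/bin/sh
# Added example (not from the original thread): generate a host-based ACL that
# only lets known TSM servers reach the client's CAD/scheduler listeners.
#
# Assumed ports - verify in dsm.sys / dsm.opt before use:
#   1581  httpport       (CAD web/administrative port)
#   1501  tcpclientport  (port the server connects to for prompted scheduling)
CAD_PORTS="1501 1581"

# cad_acl_rules "<space-separated trusted TSM server IPs>" [ports]
# Prints iptables commands: one explicit ACCEPT per server per port, then a
# logged DROP for every other source on that port.
cad_acl_rules() {
    servers="$1"
    ports="${2:-$CAD_PORTS}"
    [ -n "$servers" ] || { echo "cad_acl_rules: no trusted servers given" >&2; return 1; }
    for p in $ports; do
        for s in $servers; do
            echo "iptables -A INPUT -p tcp --dport $p -s $s -m conntrack --ctstate NEW -j ACCEPT"
        done
        # Log unexpected connection attempts so scanning of the CAD port is visible,
        # then drop them.
        echo "iptables -A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j LOG --log-prefix \"TSM-CAD-DENY: \""
        echo "iptables -A INPUT -p tcp --dport $p -j DROP"
    done
}

# count_permit_rules "<servers>" [ports]: number of ACCEPT rules that would be
# generated; used to sanity-check the ACL before applying it.
count_permit_rules() {
    cad_acl_rules "$1" "$2" | grep -c -- '-j ACCEPT'
}

# Usage: two trusted TSM servers (constructed, RFC 5737 documentation addresses).
# Review the output, then pipe it to sh to apply.
cad_acl_rules "192.0.2.10 192.0.2.11"
```

Because the rules are appended with `-A`, they must come before any broader `ACCEPT` in the INPUT chain, and the host should already accept `ESTABLISHED,RELATED` traffic so the client's own outbound sessions to the server are not affected. This restricts who can talk to the CAD; it does not remove the flaw, so the client update packages listed above still need to be applied.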
 
Good suggestion about the host-based firewall. I'm very anal about what gets near any of the ports open on my system.
 