ADSM-L

Re: For those Security conscious people running AIX

2002-04-05 13:46:32
Subject: Re: For those Security conscious people running AIX
From: Lisa Cabanas <CABANL AT MODOT DOT NET>
Date: Fri, 5 Apr 2002 13:00:44 -0600
Boy, I am really batting 1.000 here!

Who woulda thunk?? the MAN page (bigger duhhhhhhh)

From: David Longo <David.Longo@HEALTH-FIRST.ORG>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
Date: 04/05/2002 12:31 PM
Please respond to: "ADSM: Dist Stor Manager"
To: ADSM-L AT VM.MARIST DOT EDU
cc:
Subject: Re: For those Security conscious people running AIX

Per AIX 4.3.3 man page:
tsm Command

Purpose:

Provides terminal state management.

Syntax

tsm Port

Description

The tsm command invokes the terminal state manager, which controls the
ports used in the trusted path.

David Longo

>> CABANL AT MODOT DOT NET 04/05/02 11:57AM >>>
--duuuhh-- Thanks Justin, I missed that point-- "The tsm family of commands
(tsm,getty,login)".  Anyone have any idea of what tsm means (you know, the
obscure reason it was named tsm-- like AIX means Advanced Interactive
eXecutive?)

lisa

From: Justin Derrick <jderrick@CANADA.COM>
Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM DOT MARIST.EDU>
Date: 04/04/2002 07:23 PM
Please respond to: "ADSM: Dist Stor Manager"
To: ADSM-L AT VM.MARIST DOT EDU
cc:
Subject: Re: For those Security conscious people running AIX

Just to re-iterate...

>I wonder.....do you need to replace the tsm executable in /usr/sbin after
>you update TSM server code??????

No.  The 'tsm' in /usr/sbin has nothing to do with Tivoli Storage Manager.
I have absolutely *no* idea why IBM just didn't call it 'login', since that's
what it's linked to.  =)

-JD.
>From: Gabriel Wiley <wileyg AT US DOT IBM.COM>
>Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM DOT MARIST.EDU>
>Date: 04/04/2002 08:19 AM
>Please respond to: "ADSM: Dist Stor Manager"
>To: ADSM-L AT VM.MARIST DOT EDU
>cc:
>Subject: Re: For those Security conscious people running AIX
>
>Lisa,
>
>I just upgraded another server to ML9 + yesterday..
>
>I ordered the CD(s) in Feb. when they arrived it did not have the fileset.
>(CD was ML9 as of 02/06/02)
>
>It is an add on if you wish to call it that..
>
>Gabriel C. Wiley
>ADSM/TSM Administrator
>AIX Support
>Phone 1-614-308-6709
>Pager  1-877-489-2867
>Fax      1-614-308-6637
>Cell       1-740-972-6441
>
>Siempre Hay Esperanza
>
>From: Lisa Cabanas <CABANL AT MODOT DOT NET>
>Sent by: "ADSM: Dist Stor Manager" <[email protected].EDU>
>Date: 04/03/2002 09:07 AM
>Please respond to: "ADSM: Dist Stor Manager"
>To: ADSM-L AT VM.MARIST DOT EDU
>cc:
>Subject: Re: For those Security conscious people running AIX
>
>I think what Justin said about having to do extra steps is right (needing
>additional filesets, specifically)-- I am at ML9, but when I look at the
>levels of the filesets, they are still below what is indicated as being
>unaffected, and the instfix doesn't show that APAR.
>
>bummer.
>
>lisa
>
>From: Gabriel Wiley <wileyg AT US DOT IBM.COM>
>Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM DOT MARIST.EDU>
>Date: 04/02/2002 04:13 PM
>Please respond to: "ADSM: Dist Stor Manager"
>To: ADSM-L AT VM.MARIST DOT EDU
>cc:
>Subject: Re: For those Security conscious people running AIX
>
>I can't tell you if it was fixed in ML8 we went from ML3 to ML9 overnight
>(or a very long weekend) ..
>
>The security people waved it in my face the other day and said get it
>fixed.
>
>Since we are at ML9 + there was no need , it was already there.
>
>If you go to the software website it says you need to install 388 or so
>filesets to be legit.. (Wrong not in this env.)
>
>There have been buffer overflow issues in every version of AIX so far..
>
>Problem Summary
>
>The tsm family of commands (tsm,getty,login) does not properly validate
>the port name entered on the command line. This can allow unprivileged
>users to become root.
>
>
>Gabriel C. Wiley
>ADSM/TSM Administrator
>AIX Support
>Phone 1-614-308-6709
>Pager  1-877-489-2867
>Fax      1-614-308-6637
>Cell       1-740-972-6441
>
>Siempre Hay Esperanza
>
>From: Justin Derrick <jderrick@CANADA.COM>
>Sent by: "ADSM: Dist Stor Manager" <[email protected].EDU>
>Date: 04/02/2002 03:16 PM
>Please respond to: "ADSM: Dist Stor Manager"
>To: ADSM-L AT VM.MARIST DOT EDU
>cc:
>Subject: Re: For those Security conscious people running AIX
>
>I think I had to install this separately at a client site because it
>required a few steps in order to take proper effect...  But to be
>absolutely clear, this isn't Tivoli Storage Manager related.  For some
>reason, the 'login' program on AIX is a link (an alias, if you will) to the
>'tsm' program, which, again, has nothing to do with Tivoli Storage Manager.
>
>-JD.
>
>>Isn't/Wasn't this taken care of in ML8?
>>
>>From: Gabriel Wiley <wileyg AT US DOT IBM.COM>
>>Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM DOT MARIST.EDU>
>>Date: 04/02/2002 12:14 PM
>>Please respond to: "ADSM: Dist Stor Manager"
>>To: ADSM-L AT VM.MARIST DOT EDU
>>cc:
>>Subject: For those Security conscious people running AIX
>>
>>If you are not aware .. FYI ****
>>
>>SECURITY: MULTIPLE BUFFER OVERFLOW VULNERABILITIES IN TSMLOGIN
>>
>>Created:    01/04/2002 at 03:22 PM
>>
>>  Published Date:                      01/04/2002
>>  OS or Applications Affected:         AIX
>>  Versions Affected:                   4.3
>>  Severity:                            Medium
>>  APAR/Patch ID:                       IY26443
>>  Workaround Available?:               No
>>
>>Run this command to see if you have it ;
>>
>>instfix -ik IY26443
>>
>>      or
>>
>>instfix -ick IY26443
>>
>>Keyword:Fileset:ReqLevel:InstLevel:Status:Abstract
>>IY26443:bos.rte.security:4.3.3.79:4.3.3.79:=:SECURITY: Multiple buffer overflow vulnerabilities in tsmlogin
>>
>>
>>Gabriel C. Wiley
>>ADSM/TSM Administrator
>>AIX Support
>>Phone 1-614-308-6709
>>Pager  1-877-489-2867
>>Fax      1-614-308-6637
>>Cell       1-740-972-6441
>>
>>Siempre Hay Esperanza


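An added example, not part of the original messages: a POSIX shell function that reads the colon-separated `instfix -ick IY26443` output quoted in the thread, compares each fileset's installed level with the required level, and separates "fixed", "down-level" and "APAR not listed at all" (the situation described in the 04/03 reply). The function name `check_apar`, its exit codes and the down-level sample record are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): interpret `instfix -ick <APAR>` output.
# Columns, as quoted in the thread: Keyword:Fileset:ReqLevel:InstLevel:Status:Abstract
# Exit status (hypothetical convention): 0 = every fileset at or above ReqLevel,
# 1 = at least one fileset below it or not installed, 2 = no record for the APAR.
check_apar() {
    awk -F: -v apar="$1" '
    # Numeric, field-by-field comparison of dotted levels (4.3.3.9 < 4.3.3.79).
    function below(inst, req,   a, b, n, m, i) {
        n = split(inst, a, "."); m = split(req, b, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (a[i] + 0 < b[i] + 0) return 1
            if (a[i] + 0 > b[i] + 0) return 0
        }
        return 0
    }
    $1 == apar && NF >= 5 {
        seen = 1
        if ($4 == "" || below($4, $3)) { verdict = "BELOW"; bad = 1 }
        else verdict = "OK"
        printf "%s %s required=%s installed=%s\n", verdict, $2, $3, ($4 == "" ? "none" : $4)
    }
    END { exit (seen ? bad + 0 : 2) }'
}

# Constructed sample input. The first record is the line quoted in the thread;
# the second is a made-up down-level system used to exercise the comparison.
SAMPLE_PATCHED='Keyword:Fileset:ReqLevel:InstLevel:Status:Abstract
IY26443:bos.rte.security:4.3.3.79:4.3.3.79:=:SECURITY: Multiple buffer overflow vulnerabilities in tsmlogin'
SAMPLE_DOWNLEVEL='Keyword:Fileset:ReqLevel:InstLevel:Status:Abstract
IY26443:bos.rte.security:4.3.3.79:4.3.3.9:-:SECURITY: Multiple buffer overflow vulnerabilities in tsmlogin'

# On AIX the real input would be:  instfix -ick IY26443 | check_apar IY26443
for sample in "$SAMPLE_PATCHED" "$SAMPLE_DOWNLEVEL"; do
    if printf '%s\n' "$sample" | check_apar IY26443; then
        echo "=> fix present"
    else
        echo "=> needs attention (status $?)"
    fi
done
```

Exit status 2 matters as much as 1: a system where instfix has no record of the APAR has not been shown to be fixed, so the fileset levels still need checking against the advisory.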