Re: [ADSM-L] Privilege escalation bug
2015-02-25 12:57:15
The body of the bulletin I received states that the affected platforms are AIX,
HP-UX, Linux, Solaris, and Mac.
-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Zoltan Forray
Sent: Wednesday, February 25, 2015 12:12 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: [ADSM-L] Privilege escalation bug
Does not specifically say if it includes SOLARIS (only says "*UNIX, Linux, and
OS X allows local users to gain privileges via unspecified vectors.*").
Do I assume since it says "UNIX" SOLARIS is includes? We have some old Domino
Solaris boxes (supposed to go away some time soon....) still running 6.1.3....
On Wed, Feb 25, 2015 at 10:56 AM, Thomas Denier <Thomas.Denier AT jefferson DOT
edu
> wrote:
> I received a security bulletin from IBM yesterday regarding "Tivoli
> Storage Manager Stack-based Buffer Overflow Elevation of Privilege:
> CVE-2014-6184". The affected version/release combinations listed in
> the bulletin run from 5.4 to 6.3. We still have one Linux system with
> 5.3 client code. Can I treat the list of affected releases as an
> explicit assurance that the 5.3 client does not have the vulnerability
> discussed in the bulletin? The alternative possibility that worries me
> is that 5.4 is the oldest level IBM thought it worthwhile to check.
>
> Thomas Denier
> Thomas Jefferson University
> The information contained in this transmission contains privileged and
> confidential information. It is intended only for the use of the
> person named above. If you are not the intended recipient, you are
> hereby notified that any review, dissemination, distribution or
> duplication of this communication is strictly prohibited. If you are
> not the intended recipient, please contact the sender by reply email
> and destroy all copies of the original message.
>
> CAUTION: Intended recipients should NOT use email communication for
> emergent or urgent health care matters.
>
--
*Zoltan Forray*
TSM Software & Hardware Administrator
Hobbit / Xymon Administrator
Virginia Commonwealth University
UCC/Office of Technology Services
zforray AT vcu DOT edu - 804-828-4807
Don't be a phishing victim - VCU and other reputable organizations will never
use email to request that you reply with your password, social security number
or confidential personal information. For more details visit
http://infosecurity.vcu.edu/phishing.html
The information contained in this transmission contains privileged and
confidential information. It is intended only for the use of the person named
above. If you are not the intended recipient, you are hereby notified that any
review, dissemination, distribution or duplication of this communication is
strictly prohibited. If you are not the intended recipient, please contact the
sender by reply email and destroy all copies of the original message.
CAUTION: Intended recipients should NOT use email communication for emergent or
urgent health care matters.
|
|
|