ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ADSM-L] Privilege escalation bug

2015-02-25 12:57:15
Subject: Re: [ADSM-L] Privilege escalation bug
From: Thomas Denier <Thomas.Denier AT JEFFERSON DOT EDU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Wed, 25 Feb 2015 17:55:32 +0000 
The body of the bulletin I received states that the affected platforms are AIX, 
HP-UX, Linux, Solaris, and Mac.

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Zoltan Forray
Sent: Wednesday, February 25, 2015 12:12 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: [ADSM-L] Privilege escalation bug

Does not specifically say if it includes SOLARIS (only says "*UNIX, Linux, and 
OS X allows local users to gain privileges via unspecified vectors.*").
Do I assume since it says "UNIX" SOLARIS is includes?  We have some old Domino 
Solaris boxes (supposed to go away some time soon....) still running 6.1.3....



On Wed, Feb 25, 2015 at 10:56 AM, Thomas Denier <Thomas.Denier AT jefferson DOT 
edu
> wrote:

> I received a security bulletin from IBM yesterday regarding "Tivoli
> Storage Manager Stack-based Buffer Overflow Elevation of Privilege:
> CVE-2014-6184". The affected version/release combinations listed in
> the bulletin run from 5.4 to 6.3. We still have one Linux system with
> 5.3 client code. Can I treat the list of affected releases as an
> explicit assurance that the 5.3 client does not have the vulnerability
> discussed in the bulletin? The alternative possibility that worries me
> is that 5.4 is the oldest level IBM thought it worthwhile to check.
>
> Thomas Denier
> Thomas Jefferson University
> The information contained in this transmission contains privileged and
> confidential information. It is intended only for the use of the
> person named above. If you are not the intended recipient, you are
> hereby notified that any review, dissemination, distribution or
> duplication of this communication is strictly prohibited. If you are
> not the intended recipient, please contact the sender by reply email
> and destroy all copies of the original message.
>
> CAUTION: Intended recipients should NOT use email communication for
> emergent or urgent health care matters.
>



--
*Zoltan Forray*
TSM Software & Hardware Administrator
Hobbit / Xymon Administrator
Virginia Commonwealth University
UCC/Office of Technology Services
zforray AT vcu DOT edu - 804-828-4807
Don't be a phishing victim - VCU and other reputable organizations will never 
use email to request that you reply with your password, social security number 
or confidential personal information. For more details visit 
http://infosecurity.vcu.edu/phishing.html
The information contained in this transmission contains privileged and 
confidential information. It is intended only for the use of the person named 
above. If you are not the intended recipient, you are hereby notified that any 
review, dissemination, distribution or duplication of this communication is 
strictly prohibited. If you are not the intended recipient, please contact the 
sender by reply email and destroy all copies of the original message.

CAUTION: Intended recipients should NOT use email communication for emergent or 
urgent health care matters.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ADSM-L] Privilege escalation bug, Skylar Thompson
Next by Date:  Re: [ADSM-L] ANS4174E error, Prather, Wanda
Previous by Thread:  Re: [ADSM-L] Privilege escalation bug, Skylar Thompson
Next by Thread:  Re: [ADSM-L] Privilege escalation bug, Zoltan Forray
Indexes:  [Date] [Thread] [Top] [All Lists]