|
Re: [ADSM-L] Privilege escalation bug
2015-02-25 15:03:31
Where are you getting the bulletins/alerts from? I wouldn't have know
about it if it wasn't for your posting. I have passed this on to my folks
- we too have old clients going back to 5.3 and older (IRIX?)
On Wed, Feb 25, 2015 at 12:55 PM, Thomas Denier <Thomas.Denier AT jefferson DOT
edu
> wrote:
> The body of the bulletin I received states that the affected platforms are
> AIX, HP-UX, Linux, Solaris, and Mac.
>
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf
> Of
> Zoltan Forray
> Sent: Wednesday, February 25, 2015 12:12 PM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: Re: [ADSM-L] Privilege escalation bug
>
> Does not specifically say if it includes SOLARIS (only says "*UNIX, Linux,
> and OS X allows local users to gain privileges via unspecified vectors.*").
> Do I assume since it says "UNIX" SOLARIS is includes? We have some old
> Domino Solaris boxes (supposed to go away some time soon....) still running
> 6.1.3....
>
>
>
> On Wed, Feb 25, 2015 at 10:56 AM, Thomas Denier <
> Thomas.Denier AT jefferson DOT edu
> > wrote:
>
> > I received a security bulletin from IBM yesterday regarding "Tivoli
> > Storage Manager Stack-based Buffer Overflow Elevation of Privilege:
> > CVE-2014-6184". The affected version/release combinations listed in
> > the bulletin run from 5.4 to 6.3. We still have one Linux system with
> > 5.3 client code. Can I treat the list of affected releases as an
> > explicit assurance that the 5.3 client does not have the vulnerability
> > discussed in the bulletin? The alternative possibility that worries me
> > is that 5.4 is the oldest level IBM thought it worthwhile to check.
> >
> > Thomas Denier
> > Thomas Jefferson University
> > The information contained in this transmission contains privileged and
> > confidential information. It is intended only for the use of the
> > person named above. If you are not the intended recipient, you are
> > hereby notified that any review, dissemination, distribution or
> > duplication of this communication is strictly prohibited. If you are
> > not the intended recipient, please contact the sender by reply email
> > and destroy all copies of the original message.
> >
> > CAUTION: Intended recipients should NOT use email communication for
> > emergent or urgent health care matters.
> >
>
>
>
> --
> *Zoltan Forray*
> TSM Software & Hardware Administrator
> Hobbit / Xymon Administrator
> Virginia Commonwealth University
> UCC/Office of Technology Services
> zforray AT vcu DOT edu - 804-828-4807
> Don't be a phishing victim - VCU and other reputable organizations will
> never use email to request that you reply with your password, social
> security number or confidential personal information. For more details
> visit http://infosecurity.vcu.edu/phishing.html
> The information contained in this transmission contains privileged and
> confidential information. It is intended only for the use of the person
> named above. If you are not the intended recipient, you are hereby notified
> that any review, dissemination, distribution or duplication of this
> communication is strictly prohibited. If you are not the intended
> recipient, please contact the sender by reply email and destroy all copies
> of the original message.
>
> CAUTION: Intended recipients should NOT use email communication for
> emergent or urgent health care matters.
>
>
--
*Zoltan Forray*
TSM Software & Hardware Administrator
Hobbit / Xymon Administrator
Virginia Commonwealth University
UCC/Office of Technology Services
zforray AT vcu DOT edu - 804-828-4807
Don't be a phishing victim - VCU and other reputable organizations will
never use email to request that you reply with your password, social
security number or confidential personal information. For more details
visit http://infosecurity.vcu.edu/phishing.html
|
|
|
