ADSM-L

Re: [ADSM-L] Privilege escalation bug

2015-02-26 10:57:23
Subject: Re: [ADSM-L] Privilege escalation bug
From: "Reese, Michael A (Mike) CIV USARMY 93 SIG BDE (US)" <michael.a.reese62.civ AT MAIL DOT MIL>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Thu, 26 Feb 2015 15:50:02 +0000
You can get them through RSS:

http://www-01.ibm.com/software/support/rss/tivoli/

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Zoltan Forray
Sent: Wednesday, February 25, 2015 3:01 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: [ADSM-L] Privilege escalation bug

Where are you getting the bulletins/alerts from?  I wouldn't have known about it 
if it wasn't for your posting.  I have passed this on to my folks
- we too have old clients going back to 5.3 and older (IRIX?)

On Wed, Feb 25, 2015 at 12:55 PM, Thomas Denier <Thomas.Denier AT jefferson DOT edu> wrote:

> The body of the bulletin I received states that the affected platforms 
> are AIX, HP-UX, Linux, Solaris, and Mac.
>
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf 
> Of Zoltan Forray
> Sent: Wednesday, February 25, 2015 12:12 PM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: Re: [ADSM-L] Privilege escalation bug
>
> Does not specifically say if it includes SOLARIS (only says "*UNIX, 
> Linux, and OS X allows local users to gain privileges via unspecified 
> vectors.*").
> Do I assume since it says "UNIX" SOLARIS is included?  We have some 
> old Domino Solaris boxes (supposed to go away some time soon....) 
> still running 6.1.3....
>
>
>
> On Wed, Feb 25, 2015 at 10:56 AM, Thomas Denier <Thomas.Denier AT jefferson DOT edu> wrote:
>
> > I received a security bulletin from IBM yesterday regarding "Tivoli 
> > Storage Manager Stack-based Buffer Overflow Elevation of Privilege:
> > CVE-2014-6184". The affected version/release combinations listed in 
> > the bulletin run from 5.4 to 6.3. We still have one Linux system with
> > 5.3 client code. Can I treat the list of affected releases as an 
> > explicit assurance that the 5.3 client does not have the 
> > vulnerability discussed in the bulletin? The alternative possibility 
> > that worries me is that 5.4 is the oldest level IBM thought it worthwhile 
> > to check.
> >
> > Thomas Denier
> > Thomas Jefferson University
> > The information contained in this transmission contains privileged 
> > and confidential information. It is intended only for the use of the 
> > person named above. If you are not the intended recipient, you are 
> > hereby notified that any review, dissemination, distribution or 
> > duplication of this communication is strictly prohibited. If you are 
> > not the intended recipient, please contact the sender by reply email 
> > and destroy all copies of the original message.
> >
> > CAUTION: Intended recipients should NOT use email communication for 
> > emergent or urgent health care matters.
> >
>
>
>
> --
> *Zoltan Forray*
> TSM Software & Hardware Administrator
> Hobbit / Xymon Administrator
> Virginia Commonwealth University
> UCC/Office of Technology Services
> zforray AT vcu DOT edu - 804-828-4807
> Don't be a phishing victim - VCU and other reputable organizations 
> will never use email to request that you reply with your password, 
> social security number or confidential personal information. For more 
> details visit http://infosecurity.vcu.edu/phishing.html
>
>


--
*Zoltan Forray*
TSM Software & Hardware Administrator
Hobbit / Xymon Administrator
Virginia Commonwealth University
UCC/Office of Technology Services
zforray AT vcu DOT edu - 804-828-4807