Re: [ADSM-L] Privilege escalation bug
2015-02-26 10:57:23
You can get them through RSS:
http://www-01.ibm.com/software/support/rss/tivoli/
-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Zoltan Forray
Sent: Wednesday, February 25, 2015 3:01 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: [ADSM-L] Privilege escalation bug
Where are you getting the bulletins/alerts from? I wouldn't have know about it
if it wasn't for your posting. I have passed this on to my folks
- we too have old clients going back to 5.3 and older (IRIX?)
On Wed, Feb 25, 2015 at 12:55 PM, Thomas Denier <Thomas.Denier AT jefferson DOT
edu
> wrote:
> The body of the bulletin I received states that the affected platforms
> are AIX, HP-UX, Linux, Solaris, and Mac.
>
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf
> Of Zoltan Forray
> Sent: Wednesday, February 25, 2015 12:12 PM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: Re: [ADSM-L] Privilege escalation bug
>
> Does not specifically say if it includes SOLARIS (only says "*UNIX,
> Linux, and OS X allows local users to gain privileges via unspecified
> vectors.*").
> Do I assume since it says "UNIX" SOLARIS is includes? We have some
> old Domino Solaris boxes (supposed to go away some time soon....)
> still running 6.1.3....
>
>
>
> On Wed, Feb 25, 2015 at 10:56 AM, Thomas Denier <
> Thomas.Denier AT jefferson DOT edu
> > wrote:
>
> > I received a security bulletin from IBM yesterday regarding "Tivoli
> > Storage Manager Stack-based Buffer Overflow Elevation of Privilege:
> > CVE-2014-6184". The affected version/release combinations listed in
> > the bulletin run from 5.4 to 6.3. We still have one Linux system
> > with
> > 5.3 client code. Can I treat the list of affected releases as an
> > explicit assurance that the 5.3 client does not have the
> > vulnerability discussed in the bulletin? The alternative possibility
> > that worries me is that 5.4 is the oldest level IBM thought it worthwhile
> > to check.
> >
> > Thomas Denier
> > Thomas Jefferson University
> > The information contained in this transmission contains privileged
> > and confidential information. It is intended only for the use of the
> > person named above. If you are not the intended recipient, you are
> > hereby notified that any review, dissemination, distribution or
> > duplication of this communication is strictly prohibited. If you are
> > not the intended recipient, please contact the sender by reply email
> > and destroy all copies of the original message.
> >
> > CAUTION: Intended recipients should NOT use email communication for
> > emergent or urgent health care matters.
> >
>
>
>
> --
> *Zoltan Forray*
> TSM Software & Hardware Administrator
> Hobbit / Xymon Administrator
> Virginia Commonwealth University
> UCC/Office of Technology Services
> zforray AT vcu DOT edu - 804-828-4807
> Don't be a phishing victim - VCU and other reputable organizations
> will never use email to request that you reply with your password,
> social security number or confidential personal information. For more
> details visit http://infosecurity.vcu.edu/phishing.html
> The information contained in this transmission contains privileged and
> confidential information. It is intended only for the use of the
> person named above. If you are not the intended recipient, you are
> hereby notified that any review, dissemination, distribution or
> duplication of this communication is strictly prohibited. If you are
> not the intended recipient, please contact the sender by reply email
> and destroy all copies of the original message.
>
> CAUTION: Intended recipients should NOT use email communication for
> emergent or urgent health care matters.
>
>
--
*Zoltan Forray*
TSM Software & Hardware Administrator
Hobbit / Xymon Administrator
Virginia Commonwealth University
UCC/Office of Technology Services
zforray AT vcu DOT edu - 804-828-4807
Don't be a phishing victim - VCU and other reputable organizations will never
use email to request that you reply with your password, social security number
or confidential personal information. For more details visit
http://infosecurity.vcu.edu/phishing.html
|
<Prev in Thread] |
Current Thread |
[Next in Thread> |
- Re: [ADSM-L] Privilege escalation bug, (continued)
|
|
|