I think that is the case, but you can workaround the bug by deleting or
removing access to the dsmtca binary.
On Tue, Mar 10, 2015 at 03:56:24PM +0000, Thomas Denier wrote:
> We have a considerable number of Linux TSM clients running on 32 bit x86
> processors and currently using either 6.2.2.0 or 6.2.4.0 client code. These
> client code levels have the privilege escalation bug described in the IBM
> bulletin " Tivoli Storage Manager Stack-based Buffer Overflow Elevation of
> Privilege: CVE-2014-6184". This bug is fixed in 6.2.5.4 client code. The
> README file for the 6.2.5.4 patch level has a link for "Linux x86_64 client
> requirements" but no corresponding link for the 32 bit x86 architecture. Does
> this imply that IBM is not providing the bug fix for 32 bit x86 systems?
>
> Thomas Denier
> Thomas Jefferson University
> The information contained in this transmission contains privileged and
> confidential information. It is intended only for the use of the person named
> above. If you are not the intended recipient, you are hereby notified that
> any review, dissemination, distribution or duplication of this communication
> is strictly prohibited. If you are not the intended recipient, please contact
> the sender by reply email and destroy all copies of the original message.
>
> CAUTION: Intended recipients should NOT use email communication for emergent
> or urgent health care matters.
--
-- Skylar Thompson (skylar2 AT u.washington DOT edu)
-- Genome Sciences Department, System Administrator
-- Foege Building S046, (206)-685-7354
-- University of Washington School of Medicine
|