ADSM-L

Re: [ADSM-L] Fixing level for ASNODENAME vulnerability

2016-02-26 06:26:21
Subject: Re: [ADSM-L] Fixing level for ASNODENAME vulnerability
From: Krzysztof Przygoda <przygod AT GMAIL DOT COM>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Fri, 26 Feb 2016 12:25:05 +0100
Hi
This is a really good question. In fact, the current description is not very clear.
Could anyone provide a better one or some example scenario to know which
data/config is affected?
Thanks in advance

Krzysztof

2016-02-25 13:04 GMT+01:00 Henrik Ahlgren <pablo AT seestieto DOT com>:

> Is the IBM Security Bulletin correct when it does not list Windows as a
> vulnerable platform?
>
> BTW, where can I find a more detailed description about what this
> means exactly: "The Tivoli Storage Manager server fails to adequately
> check the authorization of client sessions using the ASNODENAME option
> and runs the session as an authorized session. As a result, unauthorized
> users with proxy authority can generate and retrieve backup data that
> they would otherwise not be allowed to write or access."
>
> Any node with granted proxy authority to some target can read data from
> any target or what? I find this description about the vulnerability
> quite vague.
>
> On Wed, Feb 24, 2016, at 10:32 PM, Thomas Denier wrote:
> > We are trying to figure out how to deal with the bug described in
> > http://www-01.ibm.com/support/docview.wss?uid=swg21975957. The document
> > at that URL includes a table with information about the availability of
> > fixes for various server code levels. The row for TSM 6.3 has a cell
> > stating that the fixing level is 6.3.5.1. Two cells to the right in the
> > same row, customers are advised to contact IBM support and request
> > 6.3.5.110 or later. Am I missing something that makes it possible for the
> > two cells to be logically compatible?
> >
> > Thomas Denier
> > Thomas Jefferson University
>
