Re: [ADSM-L] Fixing level for ASNODENAME vulnerability
2016-02-26 20:37:20
I was able to get some more details. Here they are:
======================================
The problem is that all client sessions which use ASNODENAME
and have authority to use ASNODENAME, will run as
authorized sessions. According to the doc, sessions using ASNODENAME
must be run as authorized sessions. If a client has
proxy authority against another node, then without the fix
- ASNODENAME sessions always run as authorized
for access to that node; The problem doesn't apply to Windows.
6.3.5.110 is a cumulative e-fix on top of 6.3.5.1.
Service is aware of these levels. Cumulative e-fixes are not
specifically available for download.
As the APAR ( IT13609 ) states, the official fixes
are in 6.3.6 and 7.1.4.
======================================
Del
----------------------------------------------------
"ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 02/25/2016
07:04:36 AM:
> On Wed, Feb 24, 2016, at 10:32 PM, Thomas Denier wrote:
> > We are trying to figure out how to deal with the bug described in
> > http://www-01.ibm.com/support/docview.wss?uid=swg21975957. The
document
> > at that URL includes a table with information about the availability
of
> > fixes for various server code levels. The row for TSM 6.3 has a cell
> > stating that the fixing level is 6.3.5.1. Two cells to the right in
the
> > same row customers are advised to contact IBM support and request
> > 6.3.5.110 or later. Am I missing something that makes it possible for
the
> > two cells to be logically compatible?
> >
> > Thomas Denier
> > Thomas Jefferson University
>
|
|
|