ADSM-L

[ADSM-L] APAR IT04884 / CVE-2014-4817

2016-07-25 20:06:57
Subject: [ADSM-L] APAR IT04884 / CVE-2014-4817
From: David Bronder <david-bronder AT UIOWA DOT EDU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Mon, 25 Jul 2016 19:05:01 -0500
Has anyone seen any actually useful explanation of the security vulnerability
specified in security bulletin 1686874 ("Tivoli Storage Manager version
roll-off by unauthorized clients") for CVE-2014-4817, and "fixed" in APAR
IT04884 (by the addition of the new server option BACKUPINITIATIONROOT)?

   https://www.ibm.com/support/docview.wss?uid=swg21686874
   https://www.ibm.com/support/docview.wss?uid=swg1IT04884

I've only seen limited mention of it on the list, suggesting to set the new
option from "ON" (default) to "OFF" so that non-root backups (e.g. Oracle
backups) will continue to work.

What I'm trying to figure out is the actual security risk of the pre-IT04884
behavior (which setting "BACKUPINITIATIONROOT=OFF" restores).  All the
bulletin, CVE and references have to say is the following (with slight
variations):

> Tivoli Storage Manager servers and client have a default setting which allows 
> TSM users, who are not TSM-authorized, to use certain options which can 
> result in the roll-off of file backup versions and their replacement with 
> files that have the same name as files backed up by TSM-authorized users.

I can find no mention of what those "certain options" are, nor any other
details that would explain, operationally, what the actual problem is.

I've read and re-read the security bulletin and CVE references several times.
As far as I can figure so far, the only risk is that non-root users can
roll off backups of their own files, which isn't much of a risk, since by
definition, they can change the content of those files anyway.  (I.e. it's
working as designed.)

Maybe I'm just missing something.  But since I expect I'll have to disable
this security "fix" (or set up group-based restrictions on dsmtca) when I
update to a server level with IT04884 so I don't break things for my users,
I'd like some idea of what the security trade-off really is.

Any insight would be appreciated.

=Dave

--
Hello World.                                David Bronder - Systems Architect
Segmentation Fault                                      ITS-EI, Univ. of Iowa
Core dumped, disk trashed, quota filled, soda warm.   david-bronder AT uiowa DOT edu
