[ADSM-L] local fix for CVE-2016-8998
2017-02-27 08:56:25
Dear all,
we have been thinking about a local quick fix for Security Bulletin: Buffer
Overflow from improperly formatted SELECT command in IBM Tivoli Storage
Manager (IBM Spectrum Protect) Server (CVE-2016-8998).
Gerd Becker and I have come across the following idea that may ease the
pressure to update to 7.1.7.100 ff:
- Define one empty domain "emptydomain"
- Update admins who may safely use select statements, but with no other
  authority, to "grant authority adminname classes=policy domains=emptydomain"
- Set queryauth policy in the server option file and bounce the server
  instance

All other admins, such as node admin users, will no longer be able to issue
select statements.
Cheers,
Markus
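
Added example, not part of the original post: a shell check that reads a server options file and reports whether it sets QUERYAUTH POLICY as described in the steps above. The file contents are a constructed sample; the function names, the '*' comment syntax, and the default of NONE when the option is absent are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): check a server options file
# for the QUERYAUTH setting the post relies on.
# Assumptions: lines starting with '*' are comments, names and values are
# case-insensitive, an absent option means the default NONE, and
# abbreviated spellings are not handled.

queryauth_level() {
    # $1 = path to the options file; prints NONE, POLICY, ... or AMBIGUOUS
    awk '
        /^[ \t]*\*/ { next }                      # skip comment lines
        toupper($1) == "QUERYAUTH" {
            v = toupper($2)
            if (n > 0 && v != level) conflict = 1 # two different values
            level = v; n++
        }
        END {
            if (n == 0) level = "NONE"            # option not present
            if (conflict) level = "AMBIGUOUS"
            print level
        }' "$1"
}

select_restricted_to_policy() {
    # exit status 0 only when the file sets QUERYAUTH POLICY unambiguously
    [ "$(queryauth_level "$1")" = "POLICY" ]
}

# Constructed sample options file, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
* constructed sample, not a real server configuration
COMMMETHOD TCPIP
TCPPORT 1500
* queryauth none
QueryAuth policy
EOF

if select_restricted_to_policy "$sample"; then
    echo "QUERYAUTH POLICY is set; restart the server instance to apply it"
else
    echo "QUERYAUTH is $(queryauth_level "$sample"); SELECT is not restricted as described"
fi
rm -f "$sample"
```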
- [ADSM-L] local fix for CVE-2016-8998,
Markus Engelhard <=