This fix addresses the RC4 "Bar Mitzvah" attack vulnerability (CVE-2015-2808), which affects IBM Tivoli Monitoring when LDAP is configured at the management server.
This fix updates the LDAP client which is used by IBM Tivoli Monitoring when LDAP is configured on the Tivoli Enterprise Management Server (TEMS). The fix addresses the security vulnerability as documented in the Security bulletin: http://www.ibm.com/support/docview.wss?uid=swg21883223
The following patches are provided to remediate the vulnerability across the releases below:
VRMF | Fix |
6.30 | 6.3.0-TIV-ITM-FP0004-IV72812 |
6.23 | 6.2.3-TIV-ITM-FP0005-IV72812 |
6.22 | 6.2.2-TIV-ITM-FP0009-IV72812 |
This provisional fix requires the IBM Tivoli Monitoring TLS Vulnerability patch (IV68044) to be installed prior to installing IV72812 (http://www-01.ibm.com/support/docview.wss?uid=swg24039203).
The prerequisite level for this fix is as follows:
IBM Tivoli Monitoring, version 6.3.0 Fix Pack 4 (6.3.0-TIV-ITM-FP0004)
- OR -
IBM Tivoli Monitoring, version 6.2.3 Fix Pack 5 (6.2.3-TIV-ITM-FP0005)
- OR -
IBM Tivoli Monitoring, version 6.2.2 Fix Pack 9 (6.2.2-TIV-ITM-FP0009)
Refer to the README file located in Fix Central for additional information.
Fix packages dated 15 May 2015: 6.3.0-TIV-ITM-FP0004-IV72812, 6.2.3-TIV-ITM-FP0005-IV72812, 6.2.2-TIV-ITM-FP0009-IV72812.