Fixes are available
APAR status
Closed as program error.
Error description
Local buffer overrun security vulnerability in the TSM UNIX and Linux clients can allow unauthorized access by a local user (a user with a local account)
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All backup-archive clients on Linux and UNIX * * platforms * **************************************************************** * PROBLEM DESCRIPTION: See ERROR DESCRIPTION * **************************************************************** * RECOMMENDATION: Apply fixing level when available. This * * problem is currently projected to be fixed * * in levels 6.3.1, 6.2.5, 6.1.5.5, and 5.5.4.1.* * This is subject to change at the discretion * * of IBM. Note: 6.4 is unaffected. * **************************************************************** *
Problem conclusion
The backup-archive client has been fixed so the local buffer overrun no longer occurs. See the Security Bulletin here: http://www.ibm.com/support/docview.wss?uid=swg21651120
Temporary fix
Comments
APAR Information
APAR number
IC96517
Reported component name
TSM CLIENT
Reported component ID
5698ISMCL
Reported release
63A
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-10-01
Closed date
2013-10-01
Last modified date
2013-10-02
APAR is sysrouted FROM one or more of the following:
IC81930
APAR is sysrouted TO one or more of the following:
Modules/Macros
DSMTCA
Fix information
Fixed component name
TSM CLIENT
Fixed component ID
5698ISMCL
Applicable component levels
R63A PSY
UP
R63H PSY
UP
R63L PSY
UP
R63M PSY
UP
R63S PSY
UP
R62A PSY
UP
R62H PSY
UP
R62L PSY
UP
R62M PSY
UP
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"63A","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]
Document Information
Modified date:
02 October 2013