IBM Support

IT04140: TSM UNIX AND LINUX CLIENT LOCAL ESCALATION OF PRIVILEGE SECURITY VULNERABILITY

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Local escalation of privilege security vulnerability in
    TSM UNIX and Linux clients
    CVSS score: 6.9
    

Local fix

  • Remove the dsmtca executable from the machine.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * All backup-archive client versions                           *
    * running on all Linux/Unix platforms.                         *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See ERROR DESCRIPTION                                        *
    * For additional details, refer to the security bulletin       *
    * published here:                                              *
    * http://www.ibm.com/support/docview.wss?uid=swg21695652       *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Apply fixing level when available. This                      *
    * problem is currently projected to be fixed                   *
    * in levels 6.4.3 and 7.1.2. Note that this is                 *
    * subject to change at the discretion of IBM.                  *
    ****************************************************************
    

Problem conclusion

  • The problem has been fixed. The password is not written to trace
    records.
    

Temporary fix

  • A fix for this problem is currently targeted for interim fix
    packages 6.2.5.4, 6.3.2.3 and 6.4.2.1.
    Note that unitl these interim fixes are actually available,
    this information is subject to change at the discretion of IBM.
    

Comments

APAR Information

  • APAR number

    IT04140

  • Reported component name

    TSM CLIENT

  • Reported component ID

    5698ISMCL

  • Reported release

    71L

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2014-09-02

  • Closed date

    2016-08-26

  • Last modified date

    2016-08-26

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IT06672

Fix information

  • Fixed component name

    TSM CLIENT

  • Fixed component ID

    5698ISMCL

Applicable component levels

  • R63A PSY

       UP

  • R63H PSY

       UP

  • R63L PSY

       UP

  • R63M PSY

       UP

  • R63S PSY

       UP

  • R64A PSY

       UP

  • R64H PSY

       UP

  • R64L PSY

       UP

  • R64M PSY

       UP

  • R64S PSY

       UP

  • R71A PSY

       UP

  • R71H PSY

       UP

  • R71L PSY

       UP

  • R71M PSY

       UP

  • R71S PSY

       UP

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"71L","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]

Document Information

Modified date:
26 August 2016