A fix is available
APAR status
Closed as program error.
Error description
*VULNERABILITY SUMMARY* In environments with duplicated mailbox aliases, FlashCopy Manager for Microsoft Exchange and Data Protection for Microsoft Exchange may open and restore the wrong mailbox. *VULNERABILITY DETAILS* IBM Tivoli Storage FlashCopy Manager, Tivoli Storage Manager for Mail, and Tivoli Storage Manager FastBack for Microsoft Exchange could allow a local user with elevated privileges to obtain sensitive information by manipulating mailbox names that share the same alias. For example: Mailbox Display Name Alias mailbox1 Sales mailbox2 sales When two mailboxes have the same alias, users may encounter the following problems when using affected software: - the Mailbox Restore Browser interface may populate mailboxes with the folders and messages from a different mailbox than the one intended - restoring a mailbox via the CLI interface, using the alias instead of the mailbox display name, may restore a different mailbox than the one intended the mailbox history may not correctly represent the mailboxes that share the same alias
Local fix
Use the Exchange Management Console or Powershell commands to rename the duplicated mailbox alias to a unique value.
Problem summary
**************************************************************** USERS AFFECTED . All users of : . - Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1, 6.3, 6.4, and 7.1 . . who have more than one mailbox display name using the same alias. **************************************************************** PROBLEM DESCRIPTION . See ERROR DESCRIPTION . For additional details, refer to the security bulleting published here: http://www.ibm.com/support/docview.wss?uid=swg21963629 **************************************************************** RECOMENDATION: . Apply fixing level when available. This fix is currently projected to be available in: . - Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1.3.6, 6.3.1.3, 6.4.1.4, and 7.1.0.2 - Tivoli Storage FlashCopy Manager for Microsoft Exchange Server 3.1.1.5, 3.2.1.7, 4.1.1 . Note for FlashCopy Manager 2.1 and 2.2 customers: FlashCopy Manager customers may install and use a fixed level of the Tivoli Storage Manager for Mail: Data Protection for Exchange component fix in their environment. The Data Protection for Microsoft Exchange fix provides equivalent functionality to FlashCopy Manager for Microsoft Exchange when used in FlashCopy Manager environment. . . FlashCopy Manager 2.1 customers can use the Data Protection for Exchange 6.1.3.6 fix . FlashCopy Manager 2.2 customers can use the Data Protection for Exchange 6.1.3.6 fix . FlashCopy Manager 3.1 customers can use the Data Protection for Exchange 6.3.1.3 fix FlashCopy Manager 3.2 customers can use the Data Protection for Exchange 6.4.1.4 fix . Note: This information is subject to change at the discretion of IBM. ****************************************************************
Problem conclusion
Data Protection for Microsoft Exchange Server and FlashCopy Manager for Microsoft Exchange have been updated to correctly handle restore mailboxes have duplicated aliases.
Temporary fix
Comments
APAR Information
APAR number
IT04251
Reported component name
TSM FSB MS EXCH
Reported component ID
5724FSBMX
Reported release
71W
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2014-09-07
Closed date
2014-09-07
Last modified date
2017-01-17
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
TDPECXX
Fix information
Fixed component name
TDP EXCHANGE WI
Fixed component ID
5698DPXAP
Applicable component levels
R71W PSY
UP
R64W PSY
UP
R63W PSY
UP
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSTG2D","label":"Tivoli Storage Manager for Mail"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"71W","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]
Document Information
Modified date:
17 January 2017