APAR status
Closed as program error.
Error description
Tivoli Storage Manager clients can use the ASNODENAME option which allows the client session to run as a proxy for another client to which they have been granted proxy authority. The Tivoli Storage Manager server fails to adequately check the authorization of client sessions using the ASNODENAME option and runs the session as an authorized session. As a result, unauthorized users with proxy authority can generate and retrieve backup data that they would otherwise not be allowed to write or access.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * All Tivoli Storage Manager server users. * **************************************************************** * PROBLEM DESCRIPTION: * * See Security Bulletin * * http://www-01.ibm.com/support/docview.wss?uid=swg21975957 * **************************************************************** * RECOMMENDATION: * * Apply fixing level when available. This problem has been * * fixed in 7.1.4. This problem is currently projected to be * * fixed in levels 6.3.6. Note that this is subject to change * * at the discretion of IBM. Please see security bulletin * * http://www-01.ibm.com/support/docview.wss?uid=swg21975957 * * for recommendations on other levels. * ****************************************************************
Problem conclusion
This problem was fixed. Affected platforms: AIX, HP-UX, Solaris, and Linux.
Temporary fix
Comments
APAR Information
APAR number
IT13609
Reported component name
TSM SERVER
Reported component ID
5698ISMSV
Reported release
71L
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-02-03
Closed date
2016-02-05
Last modified date
2016-02-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TSM SERVER
Fixed component ID
5698ISMSV
Applicable component levels
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.1.3","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]
Document Information
Modified date:
08 February 2016