A fix is available
APAR status
Closed as program error.
Error description
The IBM Spectrum Protect backup-archive client could allow a local attacker to launch a symlink attack. The local attacker could gain elevated privileges at the system.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * Tivoli Storage Manager backup-archive client v6.4 and v7.1 * * on all Unix and Linux platforms and * * IBM Spectrum Protect backup-archive client v8.1 on all Unix * * and Linux platforms * **************************************************************** * PROBLEM DESCRIPTION: * * see error description * * For additional details, refer to the security bulletin * * published here: * * http://www.ibm.com/support/docview.wss?uid=swg22006248 * **************************************************************** * RECOMMENDATION: * * Apply fixing level when available. This problem is currently * * projected to be fixed in level 6.4.3.6, 7.1.8.0, 8.1.2.0 on * * all Unix and Linux platforms. * * Note that this is subject to change at the discretion of * * IBM. * ****************************************************************
Problem conclusion
The backup-archive client does not longer allow an attacker to gain elevated privileges.
Temporary fix
Comments
APAR Information
APAR number
IT20286
Reported component name
TSM CLIENT
Reported component ID
5698ISMCL
Reported release
81L
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-04-20
Closed date
2017-05-05
Last modified date
2017-10-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
ba
Fix information
Fixed component name
TSM CLIENT
Fixed component ID
5698ISMCL
Applicable component levels
R64L PSY
UP
R64A PSY
UP
R64M PSY
UP
R64H PSY
UP
R64S PSY
UP
R71L PSY
UP
R71A PSY
UP
R71M PSY
UP
R71H PSY
UP
R71S PSY
UP
R81L PSY
UP
R81A PSY
UP
R81M PSY
UP
R81H PSY
UP
R81S PSY
UP
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"81L","Line of Business":{"code":"LOB26","label":"Storage"}}]
Document Information
Modified date:
07 January 2022