This fix addresses a security vulnerability for remote code execution (CVE-2014-7411).
This fix addresses the security vulnerability listed in the IBM Tivoli Monitoring Security Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21973559.
The following patches remediate the vulnerability in the releases listed below:
| VRMF | Fix |
| 6.30 | 6.3.0-TIV-ITM-FP0006-IV77992, 6.3.0-TIV-ITM-FP0005-IV77992 |
| 6.23 | 6.2.3-TIV-ITM-FP0005-IV77992 |
| 6.22 | 6.2.2-TIV-ITM-FP0009-IV77992 |
NOTE 1: The fix for IV77992 must be installed on the portal server. It must also be installed on every system where the tacmd CLI is installed and used. The CLI is installed as part of the "ue" component.
NOTE 2: The fix for IV77992 supersedes and includes the fix for IBM Tivoli Monitoring Remote Code Execution as addressed by APAR fix IV77742. Once the patch above for IV77992 is installed, the patch for IV77442 is not needed and should not be installed afterwards.
The prerequisite levels for these fixes are as follows:
6.3.0-TIV-ITM-FP0006-IV77742 requires IBM Tivoli Monitoring, version 6.3.0 Fix Pack 6 (6.3.0-TIV-ITM-FP0006)
6.3.0-TIV-ITM-FP0005-IV77742 requires IBM Tivoli Monitoring, version 6.3.0 Fix Pack 5 (6.3.0-TIV-ITM-FP0005)
6.2.3-TIV-ITM-FP0005-IV77742 requires IBM Tivoli Monitoring, version 6.2.3 Fix Pack 5 (6.2.3-TIV-ITM-FP0005)
6.2.2-TIV-ITM-FP0009-IV77742 requires IBM Tivoli Monitoring, version 6.2.2 Fix Pack 9 (6.2.2-TIV-ITM-FP0009)
Refer to the README file located in Fix Central for additional information.
2016-02-29: Original Publish
2016-03-14: Corrected typo in "NOTE 2" for APAR IV77742.
2016-03-17: Added link for patch for 6.30 FP6.