Security Bulletin
Summary
IBM Tivoli Storage Manager (TSM) for Space Management files can be restored incorrectly by the TSM Backup-Archive client, potentially allowing unauthorized local access to those files.
Vulnerability Details
CVE ID: CVE-2013-6335
Description:
The file metadata of TSM for Space Management files can be restored incorrectly by the TSM Backup-Archive client after a series of steps, potentially allowing unauthorized local access to those files if default permissions are less restrictive than the user's permissions.
CVSS:
CVSS Base Score: 2.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/89054 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:N)
Affected Products and Versions
TSM AIX and Linux x86 Backup-Archive client at these release levels:
- 7.1: 7.1.0.0 through 7.1.0.2
- 6.4: 6.4.0.0 through 6.4.1.x
- 6.3: 6.3.0.0 through 6.3.1.x
- 6.2: 6.2.0.0 through 6.2.5.2. TSM 6.2 is beyond End of Support.
- 6.1: all levels. TSM 6.1 is beyond End of Support.
- 5.5: all levels. TSM 5.5 is beyond End of Support.
- 5.4: all levels. TSM 5.4 is beyond End of Support.
TSM HP-UX and Solaris Backup-Archive clients at these release levels:
- 6.1: 6.1.0.0 to 6.1.5.5. TSM 6.2 is beyond End of Support.
- 5.5: all levels. TSM 5.5 is beyond End of Support.
- 5.4: all levels. TSM 5.4 is beyond End of Support.
Remediation/Fixes
TSM Release | First Fixing VRMF Level | Client Platform | APAR | Link to fix |
7.1 | 7.1.0.3 | AIX, Linux x86 | IC96095 | http://www.ibm.com/support/docview.wss?&uid=swg24036985 |
6.4 | 6.4.2 | AIX, Linux x86 | IC96095 | http://www.ibm.com/support/docview.wss?uid=swg24037543 |
6.3 | 6.3.2 | AIX, Linux x86 | IC96095 | http://www.ibm.com/support/docview.wss?uid=swg24036718 |
6.2 | 6.2.5.3 | AIX, Linux x86 | IC96095 | http://www.ibm.com/support/docview.wss?uid=swg24036287 |
6.1 and lower | none | AIX, Linux x86 | IC96095 | Upgrade to a fixing level |
7.1 B/A clients in 7.1 TSM for Space Management package | 7.1.0.3 | AIX, Linux x86 | IC96095 | http://www.ibm.com/support/docview.wss?&uid=swg24038150 |
6.4 B/A clients in 6.4 TSM for Space Management package | 6.4.2 | AIX, Linux x86 | IC96095 | http://www.ibm.com/support/docview.wss?&uid=swg24037482 |
6.3 B/A clients in 6.3 TSM for Space Management package | 6.3.2 | AIX, Linux x86 | IC96095 | http://www.ibm.com/support/docview.wss?uid=swg24036722 |
6.2 B/A clients in 6.2 TSM for Space Management package | 6.2.5.3 | AIX, Linux x86 | IC96095 | http://www.ibm.com/support/docview.wss?uid=swg24036287 |
6.1 B/A clients in 6.2 TSM for Space Management package | 6.1.5.6 | HP-UX, Solaris | IC96095 | http://www.ibm.com/support/docview.wss?uid=swg24031758 |
6.1 B/A clients in 6.1 TSM for Space Management package | none | AIX, Linux x86 | IC96095 | Upgrade to a fixing level |
5.5 and lower B/A clients in TSM for Space Management packages | none | AIX, HP-UX, Linux x86, Solaris | IC96095 | Upgrade to a fixing level |
If you need further assistance, contact IBM Software Support.
Workarounds and Mitigations
None
References
Change History
12 August 2014: original copy published
29 June 2015: stated that Version 6.2 is now End of Support
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Information
Modified date: 17 June 2018
UID: swg21680453