Solved

AIX

Posted on 2009-07-16
Last Modified: 2013-11-17
Hello, can you please let me know how to check the applicability of the following APAR on servers?

I mean, what should I check on the server?

Thanks in Advance

FYI

This APAR addresses all systems that have a Tivoli Storage Manager (TSM) Client installed.
It is mandatory to verify that all systems are updated to a level that is not vulnerable!

Affected Client Versions : 5.1 to 5.5 and TSM Express
Affected Operating Systems : AIX, HP-UX, Linux, Macintosh, NetWare, Solaris, TRU64 UNIX, Windows

IMT Germany ITDelivery recommendation is to update the TSM client to Version 5.5.2.1.
Please contact your TSM Server focal point in case of any technical questions, especially if older client versions (5.4 and before) are used.

Link to the security advisory : http://www-01.ibm.com/support/docview.wss?rs=663&context=SSGSG7&dc=D600&uid=swg21384389&loc=en_US&cs=utf-8&lang=en

---------------------------------------------------  Forwarded Information Starts Here ------------------------------------------------------
Security fixes for the IBM Tivoli Storage Manager (TSM) client
 Flash (Alert)

Abstract
Fixes are available for security vulnerabilities in the IBM Tivoli Storage Manager (TSM) client. The fixes address problems described by APARs IC59513, IC59994, IC59779, and IC59781. The Web GUI, Java GUI, and SSL in certain client releases are affected.

Content

Four security vulnerabilities exist in the IBM Tivoli Storage Manager (TSM) client, as described below. You are unaffected by these vulnerabilities unless you use the specific client component (Web GUI, Java GUI, or SSL) at the specific client release levels listed below. Fixes are available (see SOLUTION below). Version 6.1 clients are unaffected.

1. IC59513, Two Buffer Overruns, Web GUI and Java GUI:
Two similar buffer overrun vulnerabilities exist in the client Web GUI and Java GUI, which have the potential to crash the TSM client agent process or to allow malicious code injection. The malicious code could, for example, allow an unauthorized user to read, copy, alter, or delete files on the client machine.

Client Release      Vulnerable Client Levels      Fixing Client Levels
TSM 5.4             5.4.0.0 through 5.4.1.96      5.4.2
TSM 5.3             5.3.0.0 through 5.3.6.4       5.3.6.6
TSM 5.2             5.2.0.0 through 5.2.5.3       5.2.5.4
TSM 5.1             5.1.0.0 through 5.1.8.2       5.1.8.3
TSM Express         5.3.3.0 through 5.3.6.4       5.3.6.6

Versions 5.5 and 6.1 are unaffected by this vulnerability


2. IC59994, Buffer Overrun, Web GUI:
A buffer overrun vulnerability exists in the client Web GUI, which has the potential to crash the TSM client agent process or to allow malicious code injection. The malicious code could, for example, allow an unauthorized user to read, copy, alter, or delete files on the client machine.

Client Release      Vulnerable Client Levels      Fixing Client Levels
TSM 5.5      5.5.0.0 through 5.5.1.17            5.5.2
TSM 5.4      5.4.0.0 through 5.4.2.6            5.4.2.7
TSM 5.3      5.3.0.0 through 5.3.6.4            5.3.6.6
TSM 5.2      5.2.0.0 through 5.2.5.3            5.2.5.4
TSM 5.1      5.1.0.0 through 5.1.8.2            5.1.8.3

Version 6.1 is unaffected by this vulnerability


3. IC59779, Unauthorized Access, Java GUI
An unauthorized access vulnerability exists in the client Java GUI. The vulnerability could, for example, allow an unauthorized user to read, copy, alter, or delete files on the client machine.

Client Release      Vulnerable Client Levels      Fixing Client Levels
TSM 5.5             5.5.0.0 through 5.5.1.17      5.5.2
TSM 5.4             5.4.0.0 through 5.4.2.6       5.4.2.7
TSM 5.3             5.3.0.0 through 5.3.6.5       5.3.6.6
TSM 5.2             5.2.0.0 through 5.2.5.3       5.2.5.4
TSM Express         5.3.3.0 through 5.3.6.5       5.3.6.6

Version 6.1 is unaffected by this vulnerability


4. IC59781, Man-in-the-middle, SSL
A man-in-the-middle vulnerability exists in the AIX and Windows clients using the Secure Socket Layer (SSL). The vulnerability could, for example, allow files from the client machine to be read or copied by an unauthorized user.

Client Release                      Vulnerable Client Levels      Fixing Client Levels
TSM 5.5 (AIX and Windows only)      5.5.0.0 through 5.5.1.17      5.5.2

Versions 5.1, 5.2, 5.3, Express, 5.4, and 6.1 are unaffected by this vulnerability.

RELATED TSM PRODUCT
One related TSM product does not contain these vulnerabilities, but one of its functions requires the Web GUI in the Backup-Archive client. This specific product and function is:

    * TSM for Mail: Data Protection (DP) for Domino - Remote GUI function only

SOLUTION:
Install the client update packages that include the fixes for the vulnerabilities (see tables below). Later levels within the release are cumulative and would also include the fix.

    * Web and Java GUI client update packages:

Client Release                      B/A Client Platforms           Client download link
TSM 5.5                             All platforms                  5.5.2
TSM 5.4                             All platforms                  5.4.2.7
TSM 5.3 "special clients"           Windows 2000                   5.3.6.6
  supported in 5.4                  Solaris 8
                                    Linux x86 RHEL 3
TSM 5.3                             AIX                            5.3.6.6
  (all 5.3 clients with             Linux x86
  support extensions)               Linux zSeries
                                    Solaris SPARC
                                    HP PA-RISC
                                    Windows x32
                                    Windows x64
TSM 5.2                             AIX                            5.2.5.4
                                    Solaris SPARC                  5.2.5.4
                                    HP PA-RISC                     5.2.5.4
                                    Windows x32                    5.2.5.4
                                    Tru64 UNIX at 5.1.8.3 level    5.1.8.3
TSM Express                         Windows x32                    Express 5.3.6.6
                                    Windows x64

    * SSL client update packages:

Client Release      B/A Client Platforms      Client download link
TSM 5.5      AIX and Windows      5.5.2

Question by:prashantchauhan
3 Comments
 
Accepted Solution

by:
Kerem ERSOY earned 500 total points
ID: 24868176
Hi,

You can display installed program version with

lslpp -Lc | grep -i tsm

It will display your TSM version

oslevel

will display your AIX version. Get these numbers and check against the table.

Cheers,
K.

Expert Comment

by:woolmilkporc
ID: 24868347
Hi,
please check your current AIX Technology Level using
oslevel -r
Should you find 5300-05 or higher, or 6100-01 or higher, I'd suggest upgrading to TSM client 5.5.2 resp. 6.2, regardless of the presently installed client version.
Should you find 5300-04 or even below, you will have to install TSM client version 5.4.2.7.
Should you use other operating systems than just AIX - here is the list of operating systems supported by Tivoli TSM client version 5.5.2 - and 6.1
http://www-01.ibm.com/support/docview.wss?uid=swg21243309
Note - if you don't use the TSM Web- or Java GUI clients, or the SSL client, you don't need any upgrade at all!
wmp
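
As an added example (not part of either answer or of IBM's advisory), the check both answers describe can be scripted: take the client level from `lslpp -Lc` and compare it with the vulnerable ranges in the advisory tables. The sample `lslpp` record and its fileset names are constructed for illustration; the script compares levels only and does not detect whether the Web GUI, Java GUI or SSL is in use.

```shell
#!/bin/sh
# Added example, not from the thread. Vulnerable ranges are copied from the
# advisory tables above: APAR, affected component, then lo-hi ranges.
# Simplification: TSM Express is not handled separately; its ranges in the
# IC59513 and IC59779 tables lie inside the 5.3 rows.
RANGES='IC59513 Web+Java-GUI 5.4.0.0-5.4.1.96 5.3.0.0-5.3.6.4 5.2.0.0-5.2.5.3 5.1.0.0-5.1.8.2
IC59994 Web-GUI 5.5.0.0-5.5.1.17 5.4.0.0-5.4.2.6 5.3.0.0-5.3.6.4 5.2.0.0-5.2.5.3 5.1.0.0-5.1.8.2
IC59779 Java-GUI 5.5.0.0-5.5.1.17 5.4.0.0-5.4.2.6 5.3.0.0-5.3.6.5 5.2.0.0-5.2.5.3
IC59781 SSL-AIX/Windows 5.5.0.0-5.5.1.17'

# tsm_apars LEVEL: print the APARs whose vulnerable range contains LEVEL.
tsm_apars() {
    printf '%s\n' "$RANGES" | awk -v v="$1" '
        function cmp(a, b,    x, y, i) {   # numeric compare of dotted levels
            split(a, x, "[.]"); split(b, y, "[.]")
            for (i = 1; i <= 4; i++)
                if (x[i] + 0 != y[i] + 0) return (x[i] + 0 < y[i] + 0) ? -1 : 1
            return 0
        }
        {
            for (f = 3; f <= NF; f++) {
                split($f, r, "-")
                if (cmp(v, r[1]) >= 0 && cmp(v, r[2]) <= 0) {
                    out = out sep $1; sep = " "; break
                }
            }
        }
        END { print out }'
}

# installed_tsm_level: read `lslpp -Lc` output on stdin and print the level
# (field 3) of the first Backup/Archive client fileset found.
installed_tsm_level() {
    awk -F: 'tolower($2) ~ /tsm\.client\.ba/ && $3 ~ /^[0-9.]+$/ { print $3; exit }'
}

# Constructed sample of `lslpp -Lc | grep -i tsm` output (fileset names assumed).
SAMPLE='tivoli.tsm.client.api.32bit:tivoli.tsm.client.api.32bit:5.4.1.2:C: :F:TSM Client - API: : : : : : :0:0:/:
tivoli.tsm.client.ba.32bit:tivoli.tsm.client.ba.32bit.base:5.4.1.2:C: :F:TSM Client - Backup/Archive Base Files: : : : : : :0:0:/:'

# On a real AIX host, replace the printf with: lslpp -Lc | installed_tsm_level
level=$(printf '%s\n' "$SAMPLE" | installed_tsm_level)
hits=$(tsm_apars "$level")
echo "TSM B/A client $level: ${hits:-no APAR from this advisory applies}"
```

An empty result from `tsm_apars` means the level is outside every vulnerable range listed in the advisory, which is the case for 5.5.2.1 and for 6.1.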
 
 
Author Closing Comment

by:prashantchauhan
ID: 31604165
Many Thanks