
AIX

Posted on 2009-07-16
Last Modified: 2013-11-17
Hello, can you please let me know how to check the applicability of the following APAR on servers?

I mean, what should I check on the server?

Thanks in advance

FYI

This APAR addresses all systems that have a Tivoli Storage Manager (TSM) Client installed.
It is mandatory to verify that all systems are updated to a level that is not vulnerable!

Affected Client Versions : 5.1 to 5.5 and TSM Express
Affected Operating Systems : AIX, HP-UX, Linux, Macintosh, NetWare, Solaris, TRU64 UNIX, Windows

IMT Germany ITDelivery recommendation is to update the TSM client to Version 5.5.2.1.
Please contact your TSM Server focal point in case of any technical questions, especially if older client versions (5.4 and before) are used.

Link to the security advisory : http://www-01.ibm.com/support/docview.wss?rs=663&context=SSGSG7&dc=D600&uid=swg21384389&loc=en_US&cs=utf-8&lang=en

---------------------------------------------------  Forwarded Information Starts Here ------------------------------------------------------
Security fixes for the IBM Tivoli Storage Manager (TSM) client
 Flash (Alert)

Abstract
Fixes are available for security vulnerabilities in the IBM Tivoli Storage Manager (TSM) client. The fixes address problems described by APARs IC59513, IC59994, IC59779, and IC59781. The Web GUI, Java GUI, and SSL in certain client releases are affected.

Content

Four security vulnerabilities exist in the IBM Tivoli Storage Manager (TSM) client, as described below. You are unaffected by these vulnerabilities unless you use the specific client component (Web GUI, Java GUI, or SSL) at the specific client release levels listed below. Fixes are available (see SOLUTION below). Version 6.1 clients are unaffected.

1. IC59513, Two Buffer Overruns, Web GUI and Java GUI:
Two similar buffer overrun vulnerabilities exist in the client Web GUI and Java GUI, which have the potential to crash the TSM client agent process or to allow malicious code injection. The malicious code could, for example, allow an unauthorized user to read, copy, alter, or delete files on the client machine.

Client Release      Vulnerable Client Levels      Fixing Client Levels
TSM 5.4             5.4.0.0 through 5.4.1.96      5.4.2
TSM 5.3             5.3.0.0 through 5.3.6.4       5.3.6.6
TSM 5.2             5.2.0.0 through 5.2.5.3       5.2.5.4
TSM 5.1             5.1.0.0 through 5.1.8.2       5.1.8.3
TSM Express         5.3.3.0 through 5.3.6.4       5.3.6.6

Versions 5.5 and 6.1 are unaffected by this vulnerability


2. IC59994, Buffer Overrun, Web GUI:
A buffer overrun vulnerability exists in the client Web GUI, which has the potential to crash the TSM client agent process or to allow malicious code injection. The malicious code could, for example, allow an unauthorized user to read, copy, alter, or delete files on the client machine.

Client Release      Vulnerable Client Levels      Fixing Client Levels
TSM 5.5      5.5.0.0 through 5.5.1.17            5.5.2
TSM 5.4      5.4.0.0 through 5.4.2.6            5.4.2.7
TSM 5.3      5.3.0.0 through 5.3.6.4            5.3.6.6
TSM 5.2      5.2.0.0 through 5.2.5.3            5.2.5.4
TSM 5.1      5.1.0.0 through 5.1.8.2            5.1.8.3

Version 6.1 is unaffected by this vulnerability


3. IC59779, Unauthorized Access, Java GUI
An unauthorized access vulnerability exists in the client Java GUI. The vulnerability could, for example, allow an unauthorized user to read, copy, alter, or delete files on the client machine.
Client Release      Vulnerable Client Levels      Fixing Client Levels
TSM 5.5      5.5.0.0 through 5.5.1.17            5.5.2
TSM 5.4      5.4.0.0 through 5.4.2.6            5.4.2.7
TSM 5.3      5.3.0.0 through 5.3.6.5            5.3.6.6
TSM 5.2      5.2.0.0 through 5.2.5.3            5.2.5.4
TSM Express      5.3.3.0 through 5.3.6.5            5.3.6.6
Version 6.1 is unaffected by this vulnerability


4. IC59781, Man-in-the-middle, SSL
A man-in-the-middle vulnerability exists in the AIX and Windows clients using the Secure Socket Layer (SSL). The vulnerability could, for example, allow files from the client machine to be read or copied by an unauthorized user.

Client Release                      Vulnerable Client Levels      Fixing Client Levels
TSM 5.5 (AIX and Windows only)      5.5.0.0 through 5.5.1.17      5.5.2

Versions 5.1, 5.2, 5.3, Express, 5.4, and 6.1 are unaffected by this vulnerability.

RELATED TSM PRODUCT
One related TSM product does not contain these vulnerabilities, but one of its functions requires the Web GUI in the Backup-Archive client. This specific product and function is:

    * TSM for Mail: Data Protection (DP) for Domino - Remote GUI function only

SOLUTION:
Install the client update packages that include the fixes for the vulnerabilities (see tables below). Later levels within the release are cumulative and would also include the fix.

    * Web and Java GUI client update packages:

Client Release                  B/A Client Platforms        Client download link
TSM 5.5                         All platforms               5.5.2
TSM 5.4                         All platforms               5.4.2.7
TSM 5.3 "special clients"       Windows 2000                5.3.6.6
supported in 5.4                Solaris 8
                                Linux x86 RHEL 3
TSM 5.3                         AIX                         5.3.6.6
(all 5.3 clients with           Linux x86
support extensions)             Linux zSeries
                                Solaris SPARC
                                HP PA-RISC
                                Windows x32
                                Windows x64
TSM 5.2                         AIX                         5.2.5.4 AIX
                                Solaris SPARC               5.2.5.4 Solaris SPARC
                                HP PA-RISC                  5.2.5.4 HP PA-RISC
                                Windows x32                 5.2.5.4 Windows x32
                                Tru64 at 5.1.8.3 level      5.1.8.3 Tru64 UNIX
TSM Express                     Windows x32                 Express 5.3.6.6
                                Windows x64

    * SSL client update packages:

Client Release      B/A Client Platforms      Client download link
TSM 5.5      AIX and Windows      5.5.2

Question by:prashantchauhan
Accepted Solution

by:
Kerem ERSOY earned 2000 total points
ID: 24868176
Hi,

You can display installed program version with

lslpp -Lc | grep -i tsm

It will display your TSM version

oslevel

will display your AIX version. Get these numbers and check against the table.

Cheers,
K.
Expert Comment

by:woolmilkporc
ID: 24868347
Hi,
please check your current AIX Technology Level using
oslevel -r
Should you find 5300-05 or higher, or 6100-01 or higher, I'd suggest upgrading to TSM client 5.5.2 resp. 6.2, regardless of the presently installed client version.
Should you find 5300-04 or even below, you will have to install TSM client version 5.4.2.7.
Should you use other operating systems than just AIX - here is the list of operating systems supported by Tivoli TSM client version 5.5.2 - and 6.1
http://www-01.ibm.com/support/docview.wss?uid=swg21243309
Note - if you don't use the TSM Web- or Java GUI clients, or the SSL client, you don't need any upgrade at all!
wmp
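
The check both answers describe (read the installed client level, then compare it with the advisory tables), written out as an added example that is not part of the original thread. The function names are hypothetical, the sample `lslpp -Lc` line is constructed, and the script assumes the fileset level is the third colon-separated field; the ranges are the B/A client rows of the advisory, with the TSM Express rows left out.

```shell
#!/bin/sh
# Added example (not from the thread): which advisory APARs cover a client level.
# Ranges are copied from the advisory's B/A client rows; TSM Express is left out.

# in_range LEVEL LOW HIGH: succeeds when LOW <= LEVEL <= HIGH, compared per field.
in_range() {
    awk -v v="$1" -v lo="$2" -v hi="$3" '
        function key(s,   p) { split(s, p, "."); return ((p[1]*1000 + p[2])*1000 + p[3])*1000 + p[4] }
        BEGIN { exit !(key(lo) <= key(v) && key(v) <= key(hi)) }' </dev/null
}

# apars_for LEVEL: print the APARs whose vulnerable range contains LEVEL.
# IC59781 (SSL) applies to AIX and Windows clients only.
apars_for() {
    out=""
    while read -r apar lo hi; do
        if in_range "$1" "$lo" "$hi"; then out="$out $apar"; fi
    done <<EOF
IC59513 5.4.0.0 5.4.1.96
IC59513 5.3.0.0 5.3.6.4
IC59513 5.2.0.0 5.2.5.3
IC59513 5.1.0.0 5.1.8.2
IC59994 5.5.0.0 5.5.1.17
IC59994 5.4.0.0 5.4.2.6
IC59994 5.3.0.0 5.3.6.4
IC59994 5.2.0.0 5.2.5.3
IC59994 5.1.0.0 5.1.8.2
IC59779 5.5.0.0 5.5.1.17
IC59779 5.4.0.0 5.4.2.6
IC59779 5.3.0.0 5.3.6.5
IC59779 5.2.0.0 5.2.5.3
IC59781 5.5.0.0 5.5.1.17
EOF
    echo "${out# }"
}

# client_level: read `lslpp -Lc` output on stdin, print the first B/A client level.
client_level() {
    awk -F: 'tolower($2) ~ /tsm\.client\.ba/ && $3 ~ /^[0-9.]+$/ { print $3; exit }'
}

# Constructed sample line; on a real host run: lslpp -Lc | client_level
SAMPLE='tivoli.tsm.client.ba:tivoli.tsm.client.ba.base:5.4.1.2: : :C: :Backup/Archive Base Files: : : : : : :0:0:/:'
level=$(printf '%s\n' "$SAMPLE" | client_level)
echo "TSM client $level is in the vulnerable range for: $(apars_for "$level")"
```

An empty result means the level is outside every vulnerable range listed; a non-empty one matters only if the Web GUI, Java GUI or SSL component named for that APAR is actually in use.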
 
 
Author Closing Comment

by:prashantchauhan
ID: 31604165
Many Thanks