
TSM client buffer overrun security vulnerability

 Flash (Alert)
 
Abstract
A security vulnerability exists in the IBM Tivoli Storage Manager (TSM) Backup-Archive client. The buffer overrun vulnerability affects the Client Acceptor Daemon (CAD), and also the scheduler if using SCHEDMODE PROMPTED. A workaround and fix are available.
 
Content

Problem Summary:
A buffer overrun vulnerability exists in the IBM Tivoli Storage Manager (TSM) Backup-Archive client (APAR IC56773). The buffer overrun can be exploited to crash the client and also potentially to inject malicious code. This vulnerability affects two areas of the client:
  • the Client Acceptor Daemon (CAD) and its remote agent
  • the Backup-Archive client scheduler and scheduler service when the option SCHEDMODE is set to PROMPTED, whether or not the scheduler is managed by the CAD
If you have option SCHEDMODE set to POLLING (the default), and do not use the CAD, you are not affected by this vulnerability. The workaround and the packages containing the fix are detailed below.

The CAD is not started by default when the Backup-Archive client is started, except for TSM Express Backup-Archive clients. The CAD must be started separately to be used, and there is no exposure to the CAD vulnerability if it is not started.

The following client functions use the CAD and/or the remote agent:
  • the Web Client GUI
  • CAD-managed scheduler (the default is the traditional scheduler, except for Macintosh and TSM Express clients)

Six related TSM products do not contain this vulnerability, but some of their functions require the CAD to be running in the Backup-Archive client. These specific products and functions are:
  • TSM for Mail: Data Protection (DP) for Domino - Remote GUI only
  • TSM for Copy Services - VSS operations only
  • TSM for Databases: DP for SQL - VSS operations only
  • TSM for Mail: DP for Exchange - VSS operations only
  • TSM for Advanced Copy Services - DB2 UDB Integration Module only
  • TSM Administration Center - remote access to Web Backup-Archive client GUI only

Workaround:
1. Set the SCHEDMODE option back to POLLING (the default) on the client machine
2. Stop using the CAD and stop its executable (dsmcad), if it was being used
Note: there are no workarounds for TSM Express clients. You must install their fixing client update.

Backup-Archive Client Levels In Support (or Covered by Support Extensions) that contain the vulnerability:

Release        Client Levels
TSM 5.5        5.5.0.0 to 5.5.0.7
TSM 5.4        5.4.0.0 to 5.4.2.2
TSM 5.3        5.3.0.0 to 5.3.6.1
TSM 5.2        5.2.0.0 to 5.2.5.2
TSM 5.1        5.1.0.0 to 5.1.8.1
TSM Express    all levels
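The exposure conditions in the Problem Summary and Workaround sections, together with the affected-level table above, can be turned into a quick host audit. The following shell helper is an added example, not IBM's code; it assumes a UNIX client whose options file (dsm.sys or dsm.opt) is passed in by path and a dsmcad process name visible to ps.

```shell
#!/bin/sh
# Added audit helper, not IBM's code. It applies the exposure conditions this
# flash states for APAR IC56773: an affected client level plus either
# SCHEDMODE PROMPTED or a running Client Acceptor Daemon (dsmcad).
# TSM Express clients (all levels affected) are outside this version check.

# ver_ge A B: succeed when dotted version A >= B, comparing up to 4 fields.
ver_ge() {
    i=1
    while [ "$i" -le 4 ]; do
        x=$(printf '%s' "$1" | cut -d. -f"$i"); y=$(printf '%s' "$2" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# client_level_affected LEVEL: succeed when LEVEL lies in a vulnerable range
# from the flash's table (5.x.0.0 up to the last unfixed level of each release).
client_level_affected() {
    case "$1" in
        5.5.*) lo=5.5.0.0; hi=5.5.0.7 ;;
        5.4.*) lo=5.4.0.0; hi=5.4.2.2 ;;
        5.3.*) lo=5.3.0.0; hi=5.3.6.1 ;;
        5.2.*) lo=5.2.0.0; hi=5.2.5.2 ;;
        5.1.*) lo=5.1.0.0; hi=5.1.8.1 ;;
        *) return 1 ;;
    esac
    ver_ge "$1" "$lo" && ver_ge "$hi" "$1"
}

# schedmode_prompted FILE: succeed when the client options file sets SCHEDMODE
# to PROMPTED. Names and values are case-insensitive; '*' starts a comment.
schedmode_prompted() {
    grep -iqE '^[[:space:]]*schedmode[[:space:]]+prompted([[:space:]]|$)' "$1"
}

# cad_running: succeed when a dsmcad process exists (assumes a UNIX ps).
cad_running() { ps -eo comm= | grep -qx dsmcad; }

# exposed LEVEL FILE CAD_FLAG: CAD_FLAG is 1 when dsmcad runs, 0 otherwise;
# passed in so the decision can be checked without a live daemon.
exposed() {
    client_level_affected "$1" || return 1
    [ "$3" = 1 ] && return 0
    schedmode_prompted "$2"
}
```

Run it as `exposed "$(dsmc -version | ...)" /opt/tivoli/tsm/client/ba/bin/dsm.sys "$(cad_running && echo 1 || echo 0)"` with your own level-extraction step; a zero exit status means the host still needs the workaround or the fixing package.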


Solution and Client Package Levels Containing the Fix:
Install the client update packages that include the fix for the vulnerability (see table below). Later levels are cumulative and would also include the fix.

TSM Windows and Macintosh client users:
  • The TSM Windows and Macintosh 5.5.1.0 and 5.4.2.3 clients fix the security vulnerability but contain other issues, described in the Windows IC57348 flash and the Macintosh IC57344 flash. Read these two flashes and evaluate whether to apply the later update packages (5.5.1.6 or 5.4.2.4), which fix those issues as well as the security vulnerability.

Fix Level          Platforms                                  Link to Download Page or FTP directory
5.5.1.0            All clients                                5.5.1.0 all clients but USS
5.5.1.0            z/OS Unix System Services (USS) client     Order PTFs UK38417 and UK38418
5.5.1.6            Windows x32                                5.5.1.6 Win x32
                   Windows IA64                               5.5.1.6 Win IA64
                   Windows x64                                5.5.1.6 Win x64
                   Macintosh                                  5.5.1.6 Macintosh
5.4.2.3            All clients                                5.4.2.3 all clients but USS
5.4.2.3            z/OS Unix System Services (USS) client     Order PTFs UK41117 and UK41118
5.4.2.4            Windows x32                                5.4.2.4 Win x32
                   Windows IA64                               5.4.2.4 Win IA64
                   Windows x64                                5.4.2.4 Win x64
                   Macintosh                                  5.4.2.4 Macintosh
5.3.6.2            AIX, Macintosh, NetWare, Linux x86,        5.3.6.2 all clients with support extensions
                   HP PA-RISC, Solaris SPARC, Windows x32,
                   Windows x64
5.3.6.2 "special"  Linux x86 RHEL 3, Solaris 8, Win 2000      5.3.6.2 all "special" clients
5.2.5.3            AIX                                        5.2.5.3 AIX
                   Solaris SPARC                              5.2.5.3 Solaris SPARC
5.1.8.2            AIX                                        5.1.8.2 AIX
                   Solaris SPARC                              5.1.8.2 Solaris SPARC
                   Tru64 UNIX                                 5.1.8.2 Tru64
                   Windows NT                                 5.1.8.2 Win NT
5.3 Express        Windows x32, Windows x64                   5.3.6.2 Express


Acknowledgements:
This problem (ZDI-CAN-321) was brought to IBM's attention by TippingPoint (a division of 3Com) and the Zero Day Initiative.

[edited 30 Oct 2008 to clarify Workaround section]
[edited 30 Nov 2008 to add SQL 2000/MySQL technote link]
 
 
Cross Reference information

Segment              Product                                                  Component
Storage Management   IBM Tivoli Storage Manager Express
Storage Management   IBM Tivoli Storage Manager for Advanced Copy Services
Storage Management   IBM Tivoli Storage Manager for Copy Services             MS Exchange VSS Snapshot
Storage Management   IBM Tivoli Storage Manager for Databases                 Data Protection for MS SQL
Storage Management   IBM Tivoli Storage Manager for Mail
 
 

Document information
 Product categories:
 Software
 Storage Management
 Data Protection
 IBM Tivoli Storage Manager for Databases
 Data Protection for MS SQL
 Operating system(s):
  AIX, HP-UX, Linux, Macintosh, NetWare, Solaris, TRU64 UNIX, Windows, z/OS
 Software version:
  5.1, 5.2, 5.3, 5.4, 5.5
 Reference #:
  1322623
 IBM Group:
 Software Group
 Modified date:
 2008-10-30
