IC87006: TSM FOR SPACE MANAGEMENT UNAUTHORIZED ACCESS BY NON-ROOT USER

APAR status

  • Closed as program error.

Error description

  • An unauthorized access vulnerability in TSM for Space Management
    (HSM) allows a local, non-root user to read, modify or delete any
    file in any mounted file system.
    .
    All HSM platforms are affected:
    AIX with GPFS or JFS2, Linux, Solaris SPARC and HP-UX.
    .
    The following HSM versions are affected:
    6.3, 6.2, 6.1, 5.5 and 5.4
    .
    The affected binary is dsmrootd, located in
    /usr/tivoli/tsm/client/hsm/bin on AIX and in
    /opt/tivoli/tsm/client/hsm/bin on Linux, Solaris and HP-UX.
    .
    IBM's assessment of the base Common Vulnerability Scoring System
    (CVSS) score for this vulnerability is 7.2.
    

Local fix

  • When GPFS is space-managed, the dsmrootd binary must be replaced
    by a script that puts itself into the background when started.
    When JFS2 or VxFS is space-managed, the dsmrootd binary must be
    deleted; no replacement script is required in that case.
    .
    For detailed instructions on how to apply this workaround, read
    the flash document available here:
    http://www.ibm.com/support/docview.wss?uid=swg21615292
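As an added example (not IBM's script; the flash document remains the authoritative procedure), the following POSIX shell script locates dsmrootd at the two install paths named in this APAR and applies the workaround that matches the space-managed file system type: replace it with a backgrounding stub for GPFS, delete it for JFS2 or VxFS. The stub body, the backup suffix .ic87006.bak and the function names are assumptions made for illustration, and the script must be run as root.

```shell
#!/bin/sh
# Added example for IC87006, not IBM's own script: find dsmrootd at the
# paths the APAR names and apply the workaround for the given file system
# type. The stub body and the backup suffix are assumptions; take the real
# replacement script from the IBM flash document.

# The two install locations named in the APAR (AIX, then Linux/Solaris/HP-UX).
HSM_DSMROOTD_PATHS="/usr/tivoli/tsm/client/hsm/bin/dsmrootd \
/opt/tivoli/tsm/client/hsm/bin/dsmrootd"

# find_dsmrootd [prefix]: print the first dsmrootd found; the optional
# prefix lets the check run against a copied or chrooted tree.
find_dsmrootd() {
  prefix=${1:-}
  for p in $HSM_DSMROOTD_PATHS; do
    if [ -f "$prefix$p" ]; then
      printf '%s\n' "$prefix$p"
      return 0
    fi
  done
  return 1
}

# workaround_action fstype: the APAR's rule, keyed on the space-managed
# file system type (replace for GPFS, delete for JFS2/VxFS).
workaround_action() {
  case "$1" in
    gpfs|GPFS)           echo replace ;;
    jfs2|JFS2|vxfs|VxFS) echo delete ;;
    *)                   echo unknown; return 1 ;;
  esac
}

# apply_workaround path fstype: keep a backup of the binary, then replace it
# with a stub that stays resident in the background, or delete it outright.
apply_workaround() {
  bin=$1
  action=$(workaround_action "$2") || return 1
  cp -p "$bin" "$bin.ic87006.bak" || return 1
  case "$action" in
    replace)
      # Assumed stub: a shell script that forks an inert process into the
      # background on start and does nothing else.
      cat > "$bin" <<'STUB'
#!/bin/sh
# IC87006 workaround: dsmrootd replaced by an inert background process.
( while :; do sleep 3600; done ) &
exit 0
STUB
      chmod 0755 "$bin"
      ;;
    delete)
      rm -f "$bin"
      ;;
  esac
}

# Usage: dsmrootd-workaround.sh <gpfs|jfs2|vxfs>
main() {
  action=$(workaround_action "$1") || {
    echo "usage: $0 <gpfs|jfs2|vxfs>" >&2
    return 2
  }
  bin=$(find_dsmrootd) || { echo "dsmrootd not found; nothing to do"; return 0; }
  echo "found $bin: will $action it"
  apply_workaround "$bin" "$1"
}
if [ $# -gt 0 ]; then main "$@"; fi
```

The backup copy is kept so the vendor binary can be restored once the fixing level is installed; the prefix argument to find_dsmrootd exists so the detection half can be exercised against a staged tree before touching a production host.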
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: HSM versions 6.3, 6.2, 6.1, 5.5 and 5.4 on   *
    * AIX and Linux platforms. HSM versions 6.1, 5.5 and 5.4 on    *
    * Solaris and HP-UX.                                           *
    ****************************************************************
    * PROBLEM DESCRIPTION: See ERROR DESCRIPTION.                  *
    ****************************************************************
    * RECOMMENDATION: Follow the instructions described here       *
    * http://www.ibm.com/support/docview.wss?uid=swg21615292 until *
    * fixing levels are available. The problem is currently        *
    * projected to be fixed in levels 6.3.1 and 6.2.5.             *
    * Note that until these levels are available, this             *
    * information is subject to change at the discretion of IBM.   *
    ****************************************************************
    

Problem conclusion

  • The problem has been fixed so that it no longer occurs: HSM
    command execution by non-root users has been disabled and the
    dsmrootd binary has been removed. HSM 6.4.0 is not affected; its
    dsmrootd will be removed later, in 6.4.1.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IC87006

  • Reported component name

    TSM SPACE MGMT

  • Reported component ID

    5698HSMCL

  • Reported release

    63L

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-10-04

  • Closed date

    2012-12-14

  • Last modified date

    2012-12-19

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    TSM SPACE MGMT

  • Fixed component ID

    5698HSMCL

Applicable component levels

  • R63A PSY

       UP

  • R63L PSY

       UP

  • R64A PSY

       UP

  • R64L PSY

       UP



Document information


More support for:

Tivoli Storage Manager for Space Management

Software version:

6.3

Reference #:

IC87006

Modified date:

2012-12-19
