IT04140: TSM UNIX AND LINUX CLIENT LOCAL ESCALATION OF PRIVILEGE SECURITY VULNERABILITY

Fixes are available

IBM Tivoli Storage Manager (TSM) Client 7.1.1 Downloads and READMEs
IBM Tivoli Storage Manager (TSM) Client 7.1.2 Downloads and READMEs
IBM Tivoli Storage Manager Client 6.4.3 Downloads and READMEs
IBM Tivoli Storage Manager (TSM) client 6.3.2.x interim fix downloads - EOL

APAR status

Closed as program error.

Error description

Local escalation of privilege security vulnerability in
TSM UNIX and Linux clients
CVSS score: 6.9

Local fix

Remove the dsmtca executable from the machine.

Problem summary

****************************************************************
* USERS AFFECTED:                                              *
* All backup-archive client versions                           *
* running on all Linux/Unix platforms.                         *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* See ERROR DESCRIPTION                                        *
* For additional details, refer to the security bulletin       *
* published here:                                              *
* http://www.ibm.com/support/docview.wss?uid=swg21695652       *
****************************************************************
* RECOMMENDATION:                                              *
* Apply fixing level when available. This                      *
* problem is currently projected to be fixed                   *
* in levels 6.4.3 and 7.1.2. Note that this is                 *
* subject to change at the discretion of IBM.                  *
****************************************************************

Problem conclusion

The problem has been fixed. The password is not written to trace
records.

Temporary fix

A fix for this problem is currently targeted for interim fix
packages 6.2.5.4, 6.3.2.3 and 6.4.2.1.
Note that unitl these interim fixes are actually available,
this information is subject to change at the discretion of IBM.

Comments

APAR Information

APAR number
IT04140
Reported component name
TSM CLIENT
Reported component ID
5698ISMCL
Reported release
71L
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2014-09-02
Closed date
2016-08-26
Last modified date
2016-08-26

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

IT06672

Fix information

Fixed component name
TSM CLIENT
Fixed component ID
5698ISMCL

Applicable component levels

R63A PSY
UP
R63H PSY
UP
R63L PSY
UP
R63M PSY
UP
R63S PSY
UP
R64A PSY
UP
R64H PSY
UP
R64L PSY
UP
R64M PSY
UP
R64S PSY
UP
R71A PSY
UP
R71H PSY
UP
R71L PSY
UP
R71M PSY
UP
R71S PSY
UP

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"71L","Line of Business":{"code":"LOB26","label":"Storage"}}]

Document Information

Modified date:
08 January 2022

Tips

IT04140: TSM UNIX AND LINUX CLIENT LOCAL ESCALATION OF PRIVILEGE SECURITY VULNERABILITY

Fixes are available

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R63A PSY

R63H PSY

R63L PSY

R63M PSY

R63S PSY

R64A PSY

R64H PSY

R64L PSY

R64M PSY

R64S PSY

R71A PSY

R71H PSY

R71L PSY

R71M PSY

R71S PSY

Document Information

Share your feedback

Need support?