Fixes are available
APAR status
Closed as program error.
Error description
Local escalation of privilege vulnerability in TSM Linux x86_64 clients due to arbitrary DSO load.
Local fix
Change the permissions on dsmtca so that only trusted users are permitted to execute it.
Problem summary
**************************************************************** * USERS AFFECTED: * * Tivoli Storage Manager Client 6.3, 6.4, 7.1 running on Linux * * x86 system * **************************************************************** * PROBLEM DESCRIPTION: * * See ERROR DESCRIPTION * * For additional details, refer to the security bulletin * * published here: * * http://www.ibm.com/support/docview.wss?uid=swg21695715 * **************************************************************** * RECOMMENDATION: * * Apply fixing level when available. This problem is currently * * projected to be fixed in Tivoli Storage Manager Client in * * levels 6.4.3 and 7.1.2. Note that this is subject to change * * at the discretion of IBM. * ****************************************************************
Problem conclusion
The arbitrary DSO load was removed.
Temporary fix
A fix for this problem is currently targeted for Tivoli Storage Manager Client interim fix package 6.3.2.3, 6.4.2.2 and 7.1.1.2. Until the interim fix is actually available, this information is subject to change at the discretion of IBM.
Comments
APAR Information
APAR number
IT05713
Reported component name
TSM CLIENT
Reported component ID
5698ISMCL
Reported release
71L
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2014-11-25
Closed date
2014-12-30
Last modified date
2016-08-26
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
DSMTCA
Fix information
Fixed component name
TSM CLIENT
Fixed component ID
5698ISMCL
Applicable component levels
R63L PSY
UP
R64L PSY
UP
R71L PSY
UP
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"71L","Line of Business":{"code":"LOB26","label":"Storage"}}]
Document Information
Modified date:
11 January 2022