IBM Support

IT13609: UNAUTHORIZED TIVOLI STORAGE MANAGER CLIENT SESSIONS USING ASNODENAME OPTION MAY RUN AS AUTHORIZED SESSIONS.

APAR status

  • Closed as program error.

Error description

  • Tivoli Storage Manager clients can use the ASNODENAME option,
    which allows the client session to run as a proxy for another
    client to which they have been granted proxy authority. The
    Tivoli Storage Manager server fails to adequately check the
    authorization of client sessions using the ASNODENAME option and
    runs the session as an authorized session. As a result,
    unauthorized users with proxy authority can generate and
    retrieve backup data that they would otherwise not be allowed to
    write or access.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * All Tivoli Storage Manager server users.                     *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See Security Bulletin                                        *
    * http://www-01.ibm.com/support/docview.wss?uid=swg21975957    *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Apply fixing level when available. This problem has been     *
    * fixed in 7.1.4. This problem is currently projected to be    *
    * fixed in level 6.3.6. Note that this is subject to change    *
    * at the discretion of IBM. Please see security bulletin       *
    * http://www-01.ibm.com/support/docview.wss?uid=swg21975957    *
    * for recommendations on other levels.                         *
    ****************************************************************
    

Problem conclusion

  • This problem was fixed.
    Affected platforms:  AIX, HP-UX, Solaris, and Linux.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT13609

  • Reported component name

    TSM SERVER

  • Reported component ID

    5698ISMSV

  • Reported release

    71L

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-02-03

  • Closed date

    2016-02-05

  • Last modified date

    2016-02-08

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    TSM SERVER

  • Fixed component ID

    5698ISMSV

Applicable component levels


Document Information

Modified date:
08 February 2016