Security Bulletin: Two unauthorized access vulnerabilities in IBM TSM for Space Management (CVE-2012-4859 and CVE-2012-5954).

Flash (Alert)


Abstract

Unauthorized access vulnerabilities exist in IBM Tivoli Storage Manager (TSM) for Space Management (HSM)

Content

VULNERABILITY DETAILS:
CVE ID: CVE-2012-4859
Description: A local unauthorized malicious user can access and manipulate all file system objects on affected systems. Internal APAR IC87006 was opened for this vulnerability.

Using the Common Vulnerability Scoring System (CVSS) v2, the security rating for this issue is:
CVSS Base Score: 7.2
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/79843 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2012-5954
Description: A remote unauthorized malicious user can access and manipulate all file system objects managed by TSM HSM on affected systems. Other file system objects cannot be accessed by the user on those systems. Internal APAR IC86724 was opened for this vulnerability.

Using the Common Vulnerability Scoring System (CVSS) v2, the security rating for this issue is:
CVSS Base Score: 6.4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/80668 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)


AFFECTED PRODUCTS AND VERSIONS:

IBM Tivoli Storage Manager for Space Management supported versions 5.5 through 6.3, and unsupported versions prior to 5.5. HSM 6.4 is unaffected.


REMEDIATION:

Apply the fixing versions of HSM when available (see table below), and use the Mitigation until the fixes can be applied. Customers using HSM versions prior to 6.2 must upgrade to the newer fixed versions of HSM, or use the mitigation below.

With the fixes or mitigation, execution of the following HSM commands by non-root users will no longer be possible:

  • dsmdf
  • dsmdu
  • dsmls
  • dsmmigfs
  • dsmmigrate
  • dsmrecall

HSM Release                  HSM Vulnerable Levels       Fixing HSM Level
6.3                          6.3.0.0 through 6.3.0.17
6.2                          6.2.0.0 through 6.2.4.4
6.1                          all                         Upgrade to fixing 6.3 client, or 6.4, or use Mitigation
5.5                          all                         Upgrade to fixing 6.3 client, or 6.4, or use Mitigation
prior unsupported releases   all                         Upgrade to fixing 6.3 client, or 6.4, or use Mitigation

Note: HSM 6.4 is unaffected, and does not allow the execution of HSM commands by non-root users.


MITIGATION:

The non-root support provided by the dsmrootd binary must be disabled in order to mitigate these vulnerabilities. As a result, execution of the HSM commands listed under the Remediation section by non-root users will no longer be possible with this mitigation.

The following procedures must be executed as root user.


AIX and Linux platforms with HSM managed GPFS

On machines where HSM is installed to manage GPFS, the dsmrootd binary must be replaced with a stub script.

1. Disable failover
Invoke the command
dsmmigfs disablefailover
2. Stop the dsmrootd process
Invoke the command
kill -SIGTERM <dsmrootd_pid>
Replace <dsmrootd_pid> with the process id of the running dsmrootd process.
3. Delete the dsmrootd file
On AIX this file is located in /usr/tivoli/tsm/client/hsm/bin; on Linux it is located in /opt/tivoli/tsm/client/hsm/bin.
4. Replace the dsmrootd file with a shell script named dsmrootd.
The script has the following content:
#!/bin/sh
# Stub replacement for dsmrootd: it offers no non-root service and only
# stays resident so that a dsmrootd process exists.
exit_with_grace()
{
    exit 0
}
# First invocation re-launches itself in the background with "--" as a
# marker argument and returns immediately, so the caller is not blocked.
if [ "x$1" != "x--" ]; then
    $0 -- 1> /dev/null 2> /dev/null &
    exit 0
fi
# Background instance: exit cleanly on USR1, TERM or QUIT; otherwise idle.
trap "exit_with_grace" USR1 TERM QUIT
while true; do
    sleep 5
done


The script must be owned by the root user and the execution permission must be set for the root user. To achieve this, invoke the following commands:
chmod u+x /<path>/tivoli/tsm/client/hsm/bin/dsmrootd
chown root /<path>/tivoli/tsm/client/hsm/bin/dsmrootd
Replace <path> here with either opt (Linux) or usr (AIX).
On AIX, for example, execute:
chmod u+x   /usr/tivoli/tsm/client/hsm/bin/dsmrootd
chown root /usr/tivoli/tsm/client/hsm/bin/dsmrootd
5. Enable failover
Invoke the command
dsmmigfs enablefailover

Other platforms

On machines where JFS2 or VxFS file systems are HSM managed, the dsmrootd binary must be removed.

1. Stop the dsmrootd process
Invoke the command
kill -SIGTERM <dsmrootd_pid>
Replace <dsmrootd_pid> with the process id of the running dsmrootd process.
2. Remove the dsmrootd file.
On AIX (JFS2) this file is located in /usr/tivoli/tsm/client/hsm/bin; on HP-UX and Solaris SPARC it is located in /opt/tivoli/tsm/client/hsm/bin.


OPTIONAL ACTIONS:

All platforms
To prevent the commands listed in the Remediation section from hanging when non-root users try to execute them, remove the execution permission bit for others (o) from the corresponding files. These files are located in /usr/tivoli/tsm/client/hsm/bin on AIX and in /opt/tivoli/tsm/client/hsm/bin on other platforms.

The execution permission is removed with the following command:
chmod o-x /<path>/tivoli/tsm/client/hsm/bin/<file_name>
Replace <path> here with the appropriate path, and <file_name> with one of the commands listed above, or specify an asterisk "*" to cover all files in the directory.
For example, on Linux execute either
chmod o-x   /opt/tivoli/tsm/client/hsm/bin/dsmdf
or
chmod o-x   /opt/tivoli/tsm/client/hsm/bin/*
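The following script is an added example (not IBM's own code) that turns the GPFS mitigation steps above and the optional chmod o-x action into functions with a verification step. It assumes it is run as root on an HSM client whose files live at the paths the bulletin names (/usr/... on AIX, /opt/... elsewhere); the install directory is passed as a parameter so the functions can be exercised against a scratch directory. The HSM command list is the one from the Remediation section, and pgrep is assumed to be available. The dsmmigfs disablefailover and enablefailover commands still have to be run around it on GPFS nodes exactly as the bulletin describes, and on JFS2/VxFS hosts the bulletin removes dsmrootd instead of installing a stub.

```shell
#!/bin/sh
# Added example, not IBM's script: installs the bulletin's stub dsmrootd,
# applies the optional "chmod o-x" hardening, and verifies both.
# Assumptions: root on an HSM client; bulletin paths; pgrep available.

HSM_COMMANDS="dsmdf dsmdu dsmls dsmmigfs dsmmigrate dsmrecall"

# Bin directory the bulletin names for a platform ("uname -s" output).
hsm_bin_dir() {
    case "$1" in
        AIX) echo /usr/tivoli/tsm/client/hsm/bin ;;
        *)   echo /opt/tivoli/tsm/client/hsm/bin ;;
    esac
}

# True when others (o) may execute $1: 10th column of the ls -l mode string.
other_exec() {
    case "$(ls -ld "$1" | cut -c10)" in
        x|t) return 0 ;;
        *)   return 1 ;;
    esac
}

# Mitigation step 2: send SIGTERM to every running dsmrootd.
stop_dsmrootd() {
    for pid in $(pgrep -x dsmrootd 2>/dev/null); do
        kill -TERM "$pid"
    done
}

# Mitigation steps 3 and 4: replace $1/dsmrootd with the stub script, owned
# by root and executable by its owner. chown is skipped when not root so the
# function can be exercised in a scratch directory.
install_stub_dsmrootd() {
    stub="$1/dsmrootd"
    rm -f "$stub"
    cat > "$stub" <<'EOF'
#!/bin/sh
exit_with_grace()
{
    exit 0
}
if [ "x$1" != "x--" ]; then
    $0 -- 1> /dev/null 2> /dev/null &
    exit 0
fi
trap "exit_with_grace" USR1 TERM QUIT
while true; do
    sleep 5
done
EOF
    chmod u+x "$stub"
    [ "$(id -u)" -eq 0 ] && chown root "$stub"
    # Succeed only if the stub is in place, owner-executable, not o+x.
    [ -x "$stub" ] && ! other_exec "$stub"
}

# Optional action: drop the others-execute bit from every HSM command
# present in $1 so non-root invocations fail instead of hanging.
harden_hsm_commands() {
    for c in $HSM_COMMANDS; do
        [ -f "$1/$c" ] && chmod o-x "$1/$c"
    done
    return 0
}

# Verification: succeeds only when no HSM command in $1 is others-executable.
check_hsm_commands() {
    for c in $HSM_COMMANDS; do
        if [ -f "$1/$c" ] && other_exec "$1/$c"; then
            echo "still others-executable: $1/$c" >&2
            return 1
        fi
    done
    return 0
}

# Whole procedure for the host it runs on (requires root).
apply_mitigation() {
    dir=$(hsm_bin_dir "$(uname -s)")
    stop_dsmrootd
    install_stub_dsmrootd "$dir" || return 1
    harden_hsm_commands "$dir"
    check_hsm_commands "$dir"
}
```

Call apply_mitigation as root between dsmmigfs disablefailover and dsmmigfs enablefailover; check_hsm_commands can be re-run later as a standalone audit that the o-x hardening has not been reverted by a reinstall.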


These vulnerabilities were found internally by IBM.


REFERENCES:


CHANGE HISTORY:

18 December 2012: Original Copy Published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.

Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document information


More support for:

Tivoli Storage Manager for Space Management

Software version:

5.4, 5.5, 6.1, 6.2, 6.3

Operating system(s):

AIX, HP Itanium, HP-UX, Linux/x86, Solaris

Reference #:

1615292

Modified date:

2014-03-28
