IBM Support

IC77049: CVE-2011-1222 LOCAL BUFFER OVERRUN VULNERABILITY IN TSM WINDOWS X32, WINDOWS X64, AND AIX JOURNAL BASED BACKUP (JBB) CLIENTS

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • CVE-2011-1222 Local buffer overrun vulnerability in TSM
    Windows x32, Windows x64, and AIX Journal Based Backup (JBB)
    clients.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: TSM Windows and AIX Journal Based Backup (JBB)
    *                 clients.                                     *
    ****************************************************************
    * PROBLEM DESCRIPTION: A local buffer overrun vulnerability    *
    *                      in the JBB functionality could allow a  *
    *                      local unauthorized user to crash the    *
    *                      client or inject malicious code.        *
    ****************************************************************
    * RECOMMENDATION: Apply the fixing client levels, which are all*
    *                 available: 6.2.2, 6.1.4, 5.5.3, 5.4.3.4.     *
    *                 Higher levels within those releases will also*
    *                 contain the fix.                             *
    ****************************************************************
    

Problem conclusion

  • The code has been changed so the vulnerability no longer occurs.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IC77049

  • Reported component name

    TSM CLIENT

  • Reported component ID

    5698ISMCL

  • Reported release

    62W

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2011-06-17

  • Closed date

    2011-06-28

  • Last modified date

    2011-06-29

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  • DSMC
    

Fix information

  • Fixed component name

    TSM CLIENT

  • Fixed component ID

    5698ISMCL

Applicable component levels

  • R62W PSY

       UP

  • R62A PSY

       UP

  • R61W PSY

       UP

  • R61A PSY

       UP

  • R55W PSY

       UP

  • R55A PSY

       UP

  • R54W PSY

       UP

  • R54A PSY

       UP



Document information

More support for: Tivoli Storage Manager

Software version: 62W

Reference #: IC77049

Modified date: 29 June 2011