IBM Support

IC77052: CVE-2011-1223 LOCAL BUFFER OVERRUN VULNERABILITY IN TSM WINDOWS CLIENT ALTERNATE DATA STREAM (NAMED STREAM) PROCESSING

APAR status

  • Closed as program error.

Error description

  • CVE-2011-1223 Local buffer overrun vulnerability in TSM Windows
    client alternate data stream processing
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: TSM Windows x32, x64, and IA64 clients with  *
    *                 Alternate Data Streams (Named Streams)       *
    ****************************************************************
    * PROBLEM DESCRIPTION: A potential local buffer overrun        *
    *                      vulnerability exists in the TSM Windows *
    *                      client Alternate Data Stream processing.*
    ****************************************************************
    * RECOMMENDATION: Apply the fixing client levels, which are all*
    *                 available: 6.2.2, 6.1.4, 5.5.3, and 5.4.3.4. *
    *                 Higher level fixes within these releases will*
    *                 also contain the fix.                        *
    ****************************************************************
    

Problem conclusion

  • The code has been fixed so the vulnerability can no longer occur.
    

Temporary fix

  • 6.1.3.2 through 6.1.3.5 included the fix before 6.1.4 came out.
    5.5.2.12 included the fix before 5.5.3 came out.
    Note that these interim fix levels were not shipped on all affected
    platforms.
    

Comments

APAR Information

  • APAR number

    IC77052

  • Reported component name

    TSM CLIENT

  • Reported component ID

    5698ISMCL

  • Reported release

    62W

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2011-06-17

  • Closed date

    2011-06-28

  • Last modified date

    2011-06-29

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  • DSMC
    

Fix information

  • Fixed component name

    TSM CLIENT

  • Fixed component ID

    5698ISMCL

Applicable component levels

  • R62W PSY UP

  • R61W PSY UP

  • R55W PSY UP

  • R54W PSY UP



Document information

More support for: Tivoli Storage Manager

Software version: 62W

Reference #: IC77052

Modified date: 29 June 2011