Security holes expose data stored in Tivoli storage system
IBM issues advisory about two vulnerabilities in backup software's client

September 24, 2007 (Computerworld) -- IBM has issued a warning to customers that security fixes should be installed for two vulnerabilities in the IBM Tivoli Storage Manager (TSM) backup software client. The security holes could allow a buffer overrun attack or enable unauthorized access to stored data, IBM said.

In the alert advisory issued late last week, IBM security researchers said that three client interfaces of TSM -- the Web client GUI, the backup-archive client scheduling tool, and the backup-archive server-initiated prompted scheduling product -- could be impacted by the vulnerabilities. No other TSM client tools are affected, IBM said.

By taking advantage of the TSM vulnerabilities, hackers could subvert the backup software's code in two ways, IBM said: A buffer overrun could crash an operating system, or the exploit could open the door for injection code execution. The vulnerability could also allow someone to take advantage of server-initiated prompted scheduling to gain access to private information.

According to IBM, the vulnerabilities are in TSM Express backup clients, and TSM v5.1, v5.2, v5.3 and v5.4 backup-archive clients.

Links within IBM's security advisory provide update packages for immediate download and instructions for installation.

IBM is recommending that customers refrain from using the affected clients until the fixes are installed.



http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9038498&source=NLT_PM&nlid=8

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to listserv@xxxxxxxxxxx with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html