Just to re-iterate...

>I wonder.....do you need to replace the tsm executable in /usr/sbin after
>you update TSM server code??????

No. The 'tsm' in /usr/sbin has nothing to do with Tivoli Storage Manager. I have absolutely *no* idea why IBM just didn't call it 'login', since that's what it's linked to. =)

-JD.

>Gabriel Wiley, 04/04/2002 08:19 AM
>Sent by: "ADSM: Dist Stor Manager"
>Subject: Re: For those Security conscious people running AIX
>
>Lisa,
>
>I just upgraded another server to ML9 + yesterday..
>
>I ordered the CD(s) in Feb. when they arrived it did not have the fileset.
>(CD was ML9 as of 02/06/02)
>
>It is an add on if you wish to call it that..
>
>Gabriel C. Wiley
>ADSM/TSM Administrator
>AIX Support
>Phone 1-614-308-6709
>Pager 1-877-489-2867
>Fax 1-614-308-6637
>Cell 1-740-972-6441
>
>Siempre Hay Esperanza
>
>
>Lisa Cabanas, 04/03/2002 09:07 AM
>Sent by: "ADSM: Dist Stor Manager"
>Subject: Re: For those Security conscious people running AIX
>
>I think what Justin said about having to do extra steps is right (needing
>additional filesets, specifically)-- I am at ML9, but when I look at the
>levels of the filesets, they are still below what is indicated as being
>unaffected, and the instfix doesn't show that APAR.
>
>bummer.
>
>lisa
>
>
>Gabriel Wiley, 04/02/2002 04:13 PM
>Sent by: "ADSM: Dist Stor Manager"
>Subject: Re: For those Security conscious people running AIX
>
>I can't tell you if it was fixed in ML8 we went from ML3 to ML9 overnight
>(or a very long weekend) ..
>
>The security people waved it in my face the other day and said get it
>fixed.
>
>Since we are at ML9 + there was no need, it was already there.
>
>If you go to the software website it says you need to install 388 or so
>filesets to be legit.. (Wrong not in this env.)
>
>There have been buffer overflow issues in every version of AIX so far..
>
>Problem Summary
>
>    The tsm family of commands (tsm,getty,login) does not
>    properly validate the port name entered on the command line.
>    This can allow unprivileged users to become root.
>
>
>Gabriel C. Wiley
>ADSM/TSM Administrator
>AIX Support
>Phone 1-614-308-6709
>Pager 1-877-489-2867
>Fax 1-614-308-6637
>Cell 1-740-972-6441
>
>Siempre Hay Esperanza
>
>
>Justin Derrick, 04/02/2002 03:16 PM
>Sent by: "ADSM: Dist Stor Manager"
>Subject: Re: For those Security conscious people running AIX
>
>I think I had to install this separately at a client site because it
>required a few steps in order to take proper effect... But to be
>absolutely clear, this isn't Tivoli Storage Manager related. For some
>reason, the 'login' program on AIX is a link (an alias, if you will) to the
>'tsm' program, which, again, has nothing to do with Tivoli Storage Manager.
>
>-JD.
>
>>Isn't/Wasn't this taken care of in ML8?
>>
>>
>>Gabriel Wiley, 04/02/2002 12:14 PM
>>Sent by: "ADSM: Dist Stor Manager"
>>Subject: For those Security conscious people running AIX
>>
>>If you are not aware .. FYI ****
>>
>>SECURITY: MULTIPLE BUFFER OVERFLOW VULNERABILITIES IN TSMLOGIN
>>
>>Created: 01/04/2002 at 03:22 PM
>>Published Date: 01/04/2002
>>OS or Applications Affected: AIX
>>Versions Affected: 4.3
>>Severity: Medium
>>APAR/Patch ID: IY26443
>>Workaround Available?: No
>>
>>Run this command to see if you have it ;
>>
>>instfix -ik IY26443
>>
>> or
>>
>>instfix -ick IY26443
>>
>>Keyword:Fileset:ReqLevel:InstLevel:Status:Abstract
>>Y26443:bos.rte.security:4.3.3.79:4.3.3.79:=:SECURITY: Multiple buffer overflow vulnerabilities in tsmlogin
>>
>>
>>Gabriel C. Wiley
>>ADSM/TSM Administrator
>>AIX Support
>>Phone 1-614-308-6709
>>Pager 1-877-489-2867
>>Fax 1-614-308-6637
>>Cell 1-740-972-6441
>>
>>Siempre Hay Esperanza
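
The thread checks the fix two ways: `instfix -ick IY26443`, and comparing installed fileset levels against the required level. The script below is an added example, not part of the original posts; it parses the colon-delimited `instfix -ick` records and recomputes the verdict from ReqLevel and InstLevel, comparing each dotted field as a number. The sample records are constructed, and treating an empty InstLevel as "not installed" is an assumption.

```shell
#!/bin/sh
# Added example: interpret `instfix -ick <APAR>` records on stdin.
# Status column per the instfix documentation:
#   -  down level   =  correct level   +  superseded   !  not installed

# vrmf_ge A B: succeed when dotted level A >= B, field by field as numbers
# (a plain string compare would rank 4.3.3.9 above 4.3.3.79).
vrmf_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }' </dev/null
}

# apar_report: print "fileset required installed verdict" for each record.
apar_report() {
    while IFS=: read -r keyword fileset req inst status abstract; do
        [ "$keyword" = "Keyword" ] && continue        # header row
        [ -z "$fileset" ] && continue                 # blank or malformed line
        if [ "$status" = "!" ] || [ -z "$inst" ]; then
            verdict="NOT-INSTALLED"   # empty InstLevel: assumed, see lead-in
        elif vrmf_ge "$inst" "$req"; then
            verdict="OK"
        else
            verdict="DOWN-LEVEL"
        fi
        echo "$fileset $req $inst $verdict"
    done
}

# apar_fixed: 0 = every fileset at or above the required level,
#             1 = at least one fileset below it, 2 = no records at all.
apar_fixed() {
    report=$(apar_report) || return 2
    [ -n "$report" ] || return 2
    case "$report" in *DOWN-LEVEL*|*NOT-INSTALLED*) return 1 ;; esac
    return 0
}

# Constructed sample records, modelled on the record quoted in the thread.
HDR='Keyword:Fileset:ReqLevel:InstLevel:Status:Abstract'
ABS='SECURITY: Multiple buffer overflow vulnerabilities in tsmlogin'
SAMPLE_OK="$HDR
IY26443:bos.rte.security:4.3.3.79:4.3.3.79:=:$ABS"
SAMPLE_DOWN="$HDR
IY26443:bos.rte.security:4.3.3.79:4.3.3.9:-:$ABS"

printf '%s\n' "$SAMPLE_DOWN" | apar_report
# prints: bos.rte.security 4.3.3.79 4.3.3.9 DOWN-LEVEL
```

On a live AIX host the same functions would be fed with `instfix -ick IY26443 | apar_fixed`.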
