Hi This is really good question. If fact current description is not very clear. Anyone could provide better one or some example scenario to know which data/config is affected? Thanks in advance
Krzysztof 2016-02-25 13:04 GMT+01:00 Henrik Ahlgren <[email protected]>: > Is the IBM Security Bulletin correct when it does not list Windows as a > vulnerable platform? > > BTW, where can I find a more detailed description about what does this > mean exactly: "The Tivoli Storage Manager server fails to adequately > check the authorization of client sessions using the ASNODENAME option > and runs the session as an authorized session. As a result, unauthorized > users with proxy authority can generate and retrieve backup data that > they would otherwise not be allowed to write or access." > > Any node with granted proxy authority to some target can read data from > any target or what? I find this description about the vulnerability > quite vague. > > On Wed, Feb 24, 2016, at 10:32 PM, Thomas Denier wrote: > > We are trying to figure out how to deal with the bug described in > > http://www-01.ibm.com/support/docview.wss?uid=swg21975957. The document > > at that URL includes a table with information about the availability of > > fixes for various server code levels. The row for TSM 6.3 has a cell > > stating that the fixing level is 6.3.5.1. Two cells to the right in the > > same row customers are advised to contact IBM support and request > > 6.3.5.110 or later. Am I missing something that makes it possible for the > > two cells to be logically compatible? > > > > Thomas Denier > > Thomas Jefferson University > > The information contained in this transmission contains privileged and > > confidential information. It is intended only for the use of the person > > named above. If you are not the intended recipient, you are hereby > > notified that any review, dissemination, distribution or duplication of > > this communication is strictly prohibited. If you are not the intended > > recipient, please contact the sender by reply email and destroy all > > copies of the original message. > > > > CAUTION: Intended recipients should NOT use email communication for > > emergent or urgent health care matters. >
