Security holes expose data stored in Tivoli storage system
IBM issues advisory about two vulnerabilities in backup software's
client
September 24, 2007 (Computerworld) -- IBM has issued a warning to
customers that security fixes should be installed for two
vulnerabilities in the IBM Tivoli Storage Manager (TSM) backup
software client. The security holes could allow a buffer overrun
attack or enable unauthorized access to stored data, IBM said.
In the alert advisory issued late last week, IBM security researchers
said that three client interfaces of TSM -- the Web client GUI, the
backup-archive client scheduling tool, and the backup-archive
server-initiated prompted scheduling product -- could be impacted by the
vulnerabilities. No other TSM client tools are affected, IBM said.
By taking advantage of the TSM vulnerabilities, hackers could subvert
the backup software's code in two ways, IBM said: A buffer overrun
could crash an operating system, or the exploit could open the door
to execution of injected code. The vulnerability could also allow
someone to take advantage of server-initiated prompted scheduling to
gain access to private information.
According to IBM, the vulnerabilities are in TSM Express backup
clients, and TSM v5.1, v5.2, v5.3 and v5.4 backup-archive clients.
Links within IBM's security advisory provide update packages for
immediate download and instructions for installation.
IBM is recommending that customers refrain from using the affected
clients until the fixes are installed.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9038498&source=NLT_PM&nlid=8