IBM Tivoli Storage Manager Lets Local Users Monitor Server Activities
|
|
SecurityTracker Alert ID: 1021947 |
|
SecurityTracker URL: http://securitytracker.com/id/1021947
|
|
CVE Reference:
CVE-2003-1570
(Links to External Site)
|
Updated: Apr 2 2009
|
Original Entry Date: Mar 30 2009
|
Impact:
Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 5.2 and prior versions; possibly 6.0
|
Description:
A vulnerability was reported in IBM Tivoli Storage Manager. A local user can view activities on the server.
A local user can initiate a "console mode" session to monitor activities on the target Tivoli Storage Manager (TSM) server. The user cannot enter commands.
[Editor's note: This vulnerability was originally disclosed by the vendor in October 2003.]
|
Impact:
A local user can view activities on the server.
|
Solution:
The vendor has issued a fix (APAR IC37554; 5.2A, 6.1).
The vendor's advisories are available at:
http://www-01.ibm.com/support/docview.wss?uid=swg21375360
http://www-01.ibm.com/support/docview.wss?uid=swg1IC37554
|
Vendor URL: www-01.ibm.com/support/docview.wss?uid=swg1IC37554 (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 30 Mar 2009 09:08:24 -0500
Subject: IBM Tivoli Storage Manager
|
http://www-01.ibm.com/support/docview.wss?uid=swg21375360
http://www-01.ibm.com/support/docview.wss?uid=swg1IC37554
IC37554 IC37554 5698ISMSV 52A
TSM SERVER MAY ALLOW UNAUTHORIZED ACCESS TO SERVER VIA A CONSOL
|
|
