Re: Re: Privilege escalation bug
Arrrgh! I have been working through a stack of changes to implement the last set of updates for security issues on dsmtca. This is about 20 changes over 4 months, and the workload imposed by this is considerable. I now find I have to go back and do most of these again! (I could rant about the futility of "best practise" change control but I will leave that for another day in another forum). Lots of Domino 8.5 boxes that need a 32 bit linux api are stuck on 6.2. Its fairly obvious that dsmtca is a bag of security worms, and that the present whack-a-mole attitude to it is not working. So why not a rethink? Every supported "server grade" TSM client OS has some version of Role Based Access Control. This comes as standard in AIX since forever, and windows since at least Win2K, don't know about the others. So its hardly bleeding edge. A simple change to run under a "tsm" specific id with appropriate RBAC role to do backups and restores would neatly sidestep all these rights elevation issues. How hard can it be? Regards Steve On 26 February 2015 at 11:03, David Bronder wrote: > There have been 3-4 security vulnerabilities recently for either Linux or > all > Unix and Linux clients, all related to the setuid "dsmtca" utility, with > some > overlap in versions (6.3-ish, IIRC) for some of the issues. > > For older/unsupported (or can't-yet-be-updated) clients, the workaround has > been to restrict permissions on "dsmtca" (either remove the setuid bit > entirely, or limit access to it to trusted users via group permissions or, > I > suppose, ACLs). The impact of the workaround is that non-root users > without > explicit (e.g. group-based) permissions for "dsmtca" won't be able to use > the > TSM client. > > We used this workaround for our 6.2 clients until the 6.2.5.4 release, > which > wasn't initially available. (The advisories previously said to contact > support for the fix, which I did; they published 6.2.5.4 a couple weeks > later. I suspect the devs were hoping they could get away with not > building > a 6.2 release with the fixes, since 6.2 drops from support in April... :-) > ) > > =Dave > > > On 02/25/2015 02:00 PM, Zoltan Forray wrote: > > Where are you getting the bulletins/alerts from? I wouldn't have know > > about it if it wasn't for your posting. I have passed this on to my > folks > > - we too have old clients going back to 5.3 and older (IRIX?) > > > > On Wed, Feb 25, 2015 at 12:55 PM, Thomas Denier < > thomas.den...@jefferson.edu> wrote: > > > >> The body of the bulletin I received states that the affected platforms > are > >> AIX, HP-UX, Linux, Solaris, and Mac. > >> > >> -Original Message- > >> From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf > Of > >> Zoltan Forray > >> Sent: Wednesday, February 25, 2015 12:12 PM > >> To: ADSM-L@VM.MARIST.EDU > >> Subject: Re: [ADSM-L] Privilege escalation bug > >> > >> Does not specifically say if it includes SOLARIS (only says "*UNIX, > Linux, > >> and OS X allows local users to gain privileges via unspecified > vectors.*"). > >> Do I assume since it says "UNIX" SOLARIS is includes? We have some old > >> Domino Solaris boxes (supposed to go away some time soon) still > running > >> 6.1.3 > >> > >> > >> > >> On Wed, Feb 25, 2015 at 10:56 AM, Thomas Denier < > thomas.den...@jefferson.edu> wrote: > >> > >>> I received a security bulletin from IBM yesterday regarding "Tivoli > >>> Storage Manager Stack-based Buffer Overflow Elevation of Privilege: > >>> CVE-2014-6184". The affected version/release combinations listed in > >>> the bulletin run from 5.4 to 6.3. We still have one Linux system with > >>> 5.3 client code. Can I treat the list of affected releases as an > >>> explicit assurance that the 5.3 client does not have the vulnerability > >>> discussed in the bulletin? The alternative possibility that worries me > >>> is that 5.4 is the oldest level IBM thought it worthwhile to check. > >>> > > -- > Hello World.David Bronder - Systems > Architect > Segmentation Fault ITS-EI, Univ. of > Iowa > Core dumped, disk trashed, quota filled, soda warm. > david-bron...@uiowa.edu >
Re: Re: Privilege escalation bug
There have been 3-4 security vulnerabilities recently for either Linux or all Unix and Linux clients, all related to the setuid "dsmtca" utility, with some overlap in versions (6.3-ish, IIRC) for some of the issues. For older/unsupported (or can't-yet-be-updated) clients, the workaround has been to restrict permissions on "dsmtca" (either remove the setuid bit entirely, or limit access to it to trusted users via group permissions or, I suppose, ACLs). The impact of the workaround is that non-root users without explicit (e.g. group-based) permissions for "dsmtca" won't be able to use the TSM client. We used this workaround for our 6.2 clients until the 6.2.5.4 release, which wasn't initially available. (The advisories previously said to contact support for the fix, which I did; they published 6.2.5.4 a couple weeks later. I suspect the devs were hoping they could get away with not building a 6.2 release with the fixes, since 6.2 drops from support in April... :-) ) =Dave On 02/25/2015 02:00 PM, Zoltan Forray wrote: > Where are you getting the bulletins/alerts from? I wouldn't have know > about it if it wasn't for your posting. I have passed this on to my folks > - we too have old clients going back to 5.3 and older (IRIX?) > > On Wed, Feb 25, 2015 at 12:55 PM, Thomas Denier > wrote: > >> The body of the bulletin I received states that the affected platforms are >> AIX, HP-UX, Linux, Solaris, and Mac. >> >> -Original Message- >> From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of >> Zoltan Forray >> Sent: Wednesday, February 25, 2015 12:12 PM >> To: ADSM-L@VM.MARIST.EDU >> Subject: Re: [ADSM-L] Privilege escalation bug >> >> Does not specifically say if it includes SOLARIS (only says "*UNIX, Linux, >> and OS X allows local users to gain privileges via unspecified vectors.*"). >> Do I assume since it says "UNIX" SOLARIS is includes? We have some old >> Domino Solaris boxes (supposed to go away some time soon) still running >> 6.1.3 >> >> >> >> On Wed, Feb 25, 2015 at 10:56 AM, Thomas Denier >> wrote: >> >>> I received a security bulletin from IBM yesterday regarding "Tivoli >>> Storage Manager Stack-based Buffer Overflow Elevation of Privilege: >>> CVE-2014-6184". The affected version/release combinations listed in >>> the bulletin run from 5.4 to 6.3. We still have one Linux system with >>> 5.3 client code. Can I treat the list of affected releases as an >>> explicit assurance that the 5.3 client does not have the vulnerability >>> discussed in the bulletin? The alternative possibility that worries me >>> is that 5.4 is the oldest level IBM thought it worthwhile to check. >>> -- Hello World.David Bronder - Systems Architect Segmentation Fault ITS-EI, Univ. of Iowa Core dumped, disk trashed, quota filled, soda warm. david-bron...@uiowa.edu
Re: ANS4174E error
Here's a link to the formula: http://www-01.ibm.com/support/docview.wss?uid=swg21695292 And the answer of course, is "it depends" on your source data and change rate. If you are talking 250 VM's or less, I never know so I start with 100G, broken up into 10 GB volumes. Then monitor it. -Original Message- From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of McWilliams, Eric Sent: Wednesday, February 25, 2015 2:11 PM To: ADSM-L@VM.MARIST.EDU Subject: Re: [ADSM-L] ANS4174E error Thanks for the information, Wanda. It must be that they are migrating to tape. We migrate to tape rather often. Do you know how large the control information is? I need to estimate how large to make the disk pool. Thanks again. Eric McWilliams IT Systems Administrator II www.medsynergies.com -Original Message- From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Prather, Wanda Sent: Wednesday, February 25, 2015 12:32 PM To: ADSM-L@VM.MARIST.EDU Subject: Re: [ADSM-L] ANS4174E error Each backup session backs up some control information, and that information is restored for use during the next backup. (You can see the restores happening if you watch the server during the backup, or if you look in the accounting info.) I'm just guessing, but I suspect that the "data unavailable on server" is because it can't restore that control info. Perhaps some volumes in your disk pool are offline, or the control information has migrated off to tape? If the latter, you need to put these keywords in the dsm.opt on your datamover: VMMCyour-mgmt-class-for-data-goes-here VMCTLMC your-mgmt-class-for-control-info-goes-here The control info mgmt. class should point to a small disk pool that can't migrate to tape. Wanda Prather TSM Consultant ICF International Enterprise and Cybersecurity Systems Division -Original Message- From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of McWilliams, Eric Sent: Wednesday, February 25, 2015 11:16 AM To: ADSM-L@VM.MARIST.EDU Subject: [ADSM-L] ANS4174E error I'm trying to back up some VM's using DP for VM 7.1.1.0 and am getting an error on some of the VM's and the backup is failing. I've asked Uncle Google and can't find much. I would contact IBM support but I get very little help from them as well. 02/25/2015 09:35:07 ANS9351E Data was not available on server and was skipped. 02/25/2015 09:35:07 ANS4174E Full VM backup of VMware Virtual Machine 'Hamilton' failed with RC=14 mode=Incremental Forever - Incremental, target node name='VCENTER_COTX', data mover node name='VCENTER_COTX_DM' 02/25/2015 09:35:08 02/25/2015 09:35:08 ANS1228E Sending of object 'Hamilton' failed. 02/25/2015 09:35:08 ANS1314E File data currently unavailable on server Any help would be greatly appreciated. Thanks, Eric ** *** CONFIDENTIALITY NOTICE *** This message and any included attachments are from MedSynergies, Inc. and are intended only for the addressee. The contents of this message contain confidential information belonging to the sender that is legally protected. Unauthorized forwarding, printing, copying, distribution, or use of such information is strictly prohibited and may be unlawful. If you are not the addressee, please promptly delete this message and notify the sender of the delivery error by e-mail or contact MedSynergies, Inc. at postmas...@medsynergies.com.
Re: Privilege escalation bug
I signed up for a subscription for notices related to TSM. The trailer information on the privilege escalation bulletin advises using the URL: https://www.ibm.com/support/mynotifications to subscribe or unsubscribe. -Original Message- From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Zoltan Forray Sent: Wednesday, February 25, 2015 3:01 PM To: ADSM-L@VM.MARIST.EDU Subject: Re: [ADSM-L] Privilege escalation bug Where are you getting the bulletins/alerts from? I wouldn't have know about it if it wasn't for your posting. I have passed this on to my folks - we too have old clients going back to 5.3 and older (IRIX?) On Wed, Feb 25, 2015 at 12:55 PM, Thomas Denier wrote: > The body of the bulletin I received states that the affected platforms > are AIX, HP-UX, Linux, Solaris, and Mac. > > -Original Message- > From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf > Of Zoltan Forray > Sent: Wednesday, February 25, 2015 12:12 PM > To: ADSM-L@VM.MARIST.EDU > Subject: Re: [ADSM-L] Privilege escalation bug > > Does not specifically say if it includes SOLARIS (only says "*UNIX, > Linux, and OS X allows local users to gain privileges via unspecified > vectors.*"). > Do I assume since it says "UNIX" SOLARIS is includes? We have some > old Domino Solaris boxes (supposed to go away some time soon) > still running 6.1.3 > > > > On Wed, Feb 25, 2015 at 10:56 AM, Thomas Denier < > thomas.den...@jefferson.edu > > wrote: > > > I received a security bulletin from IBM yesterday regarding "Tivoli > > Storage Manager Stack-based Buffer Overflow Elevation of Privilege: > > CVE-2014-6184". The affected version/release combinations listed in > > the bulletin run from 5.4 to 6.3. We still have one Linux system > > with > > 5.3 client code. Can I treat the list of affected releases as an > > explicit assurance that the 5.3 client does not have the > > vulnerability discussed in the bulletin? The alternative possibility > > that worries me is that 5.4 is the oldest level IBM thought it worthwhile > > to check. > > > > Thomas Denier > > Thomas Jefferson University > > The information contained in this transmission contains privileged > > and confidential information. It is intended only for the use of the > > person named above. If you are not the intended recipient, you are > > hereby notified that any review, dissemination, distribution or > > duplication of this communication is strictly prohibited. If you are > > not the intended recipient, please contact the sender by reply email > > and destroy all copies of the original message. > > > > CAUTION: Intended recipients should NOT use email communication for > > emergent or urgent health care matters. > > > > > > -- > *Zoltan Forray* > TSM Software & Hardware Administrator > Hobbit / Xymon Administrator > Virginia Commonwealth University > UCC/Office of Technology Services > zfor...@vcu.edu - 804-828-4807 > Don't be a phishing victim - VCU and other reputable organizations > will never use email to request that you reply with your password, > social security number or confidential personal information. For more > details visit http://infosecurity.vcu.edu/phishing.html > The information contained in this transmission contains privileged and > confidential information. It is intended only for the use of the > person named above. If you are not the intended recipient, you are > hereby notified that any review, dissemination, distribution or > duplication of this communication is strictly prohibited. If you are > not the intended recipient, please contact the sender by reply email > and destroy all copies of the original message. > > CAUTION: Intended recipients should NOT use email communication for > emergent or urgent health care matters. > > -- *Zoltan Forray* TSM Software & Hardware Administrator Hobbit / Xymon Administrator Virginia Commonwealth University UCC/Office of Technology Services zfor...@vcu.edu - 804-828-4807 Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, social security number or confidential personal information. For more details visit http://infosecurity.vcu.edu/phishing.html The information contained in this transmission contains privileged and confidential information. It is intended only for the use of the person named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. CAUTION: Intended recipients should NOT use email communication for emergent or urgent health care matters.
Re: Privilege escalation bug
Where are you getting the bulletins/alerts from? I wouldn't have know about it if it wasn't for your posting. I have passed this on to my folks - we too have old clients going back to 5.3 and older (IRIX?) On Wed, Feb 25, 2015 at 12:55 PM, Thomas Denier wrote: > The body of the bulletin I received states that the affected platforms are > AIX, HP-UX, Linux, Solaris, and Mac. > > -Original Message- > From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of > Zoltan Forray > Sent: Wednesday, February 25, 2015 12:12 PM > To: ADSM-L@VM.MARIST.EDU > Subject: Re: [ADSM-L] Privilege escalation bug > > Does not specifically say if it includes SOLARIS (only says "*UNIX, Linux, > and OS X allows local users to gain privileges via unspecified vectors.*"). > Do I assume since it says "UNIX" SOLARIS is includes? We have some old > Domino Solaris boxes (supposed to go away some time soon) still running > 6.1.3 > > > > On Wed, Feb 25, 2015 at 10:56 AM, Thomas Denier < > thomas.den...@jefferson.edu > > wrote: > > > I received a security bulletin from IBM yesterday regarding "Tivoli > > Storage Manager Stack-based Buffer Overflow Elevation of Privilege: > > CVE-2014-6184". The affected version/release combinations listed in > > the bulletin run from 5.4 to 6.3. We still have one Linux system with > > 5.3 client code. Can I treat the list of affected releases as an > > explicit assurance that the 5.3 client does not have the vulnerability > > discussed in the bulletin? The alternative possibility that worries me > > is that 5.4 is the oldest level IBM thought it worthwhile to check. > > > > Thomas Denier > > Thomas Jefferson University > > The information contained in this transmission contains privileged and > > confidential information. It is intended only for the use of the > > person named above. If you are not the intended recipient, you are > > hereby notified that any review, dissemination, distribution or > > duplication of this communication is strictly prohibited. If you are > > not the intended recipient, please contact the sender by reply email > > and destroy all copies of the original message. > > > > CAUTION: Intended recipients should NOT use email communication for > > emergent or urgent health care matters. > > > > > > -- > *Zoltan Forray* > TSM Software & Hardware Administrator > Hobbit / Xymon Administrator > Virginia Commonwealth University > UCC/Office of Technology Services > zfor...@vcu.edu - 804-828-4807 > Don't be a phishing victim - VCU and other reputable organizations will > never use email to request that you reply with your password, social > security number or confidential personal information. For more details > visit http://infosecurity.vcu.edu/phishing.html > The information contained in this transmission contains privileged and > confidential information. It is intended only for the use of the person > named above. If you are not the intended recipient, you are hereby notified > that any review, dissemination, distribution or duplication of this > communication is strictly prohibited. If you are not the intended > recipient, please contact the sender by reply email and destroy all copies > of the original message. > > CAUTION: Intended recipients should NOT use email communication for > emergent or urgent health care matters. > > -- *Zoltan Forray* TSM Software & Hardware Administrator Hobbit / Xymon Administrator Virginia Commonwealth University UCC/Office of Technology Services zfor...@vcu.edu - 804-828-4807 Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, social security number or confidential personal information. For more details visit http://infosecurity.vcu.edu/phishing.html
Re: ANS4174E error
Thanks for the information, Wanda. It must be that they are migrating to tape. We migrate to tape rather often. Do you know how large the control information is? I need to estimate how large to make the disk pool. Thanks again. Eric McWilliams IT Systems Administrator II www.medsynergies.com -Original Message- From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Prather, Wanda Sent: Wednesday, February 25, 2015 12:32 PM To: ADSM-L@VM.MARIST.EDU Subject: Re: [ADSM-L] ANS4174E error Each backup session backs up some control information, and that information is restored for use during the next backup. (You can see the restores happening if you watch the server during the backup, or if you look in the accounting info.) I'm just guessing, but I suspect that the "data unavailable on server" is because it can't restore that control info. Perhaps some volumes in your disk pool are offline, or the control information has migrated off to tape? If the latter, you need to put these keywords in the dsm.opt on your datamover: VMMCyour-mgmt-class-for-data-goes-here VMCTLMC your-mgmt-class-for-control-info-goes-here The control info mgmt. class should point to a small disk pool that can't migrate to tape. Wanda Prather TSM Consultant ICF International Enterprise and Cybersecurity Systems Division -Original Message- From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of McWilliams, Eric Sent: Wednesday, February 25, 2015 11:16 AM To: ADSM-L@VM.MARIST.EDU Subject: [ADSM-L] ANS4174E error I'm trying to back up some VM's using DP for VM 7.1.1.0 and am getting an error on some of the VM's and the backup is failing. I've asked Uncle Google and can't find much. I would contact IBM support but I get very little help from them as well. 02/25/2015 09:35:07 ANS9351E Data was not available on server and was skipped. 02/25/2015 09:35:07 ANS4174E Full VM backup of VMware Virtual Machine 'Hamilton' failed with RC=14 mode=Incremental Forever - Incremental, target node name='VCENTER_COTX', data mover node name='VCENTER_COTX_DM' 02/25/2015 09:35:08 02/25/2015 09:35:08 ANS1228E Sending of object 'Hamilton' failed. 02/25/2015 09:35:08 ANS1314E File data currently unavailable on server Any help would be greatly appreciated. Thanks, Eric ** *** CONFIDENTIALITY NOTICE *** This message and any included attachments are from MedSynergies, Inc. and are intended only for the addressee. The contents of this message contain confidential information belonging to the sender that is legally protected. Unauthorized forwarding, printing, copying, distribution, or use of such information is strictly prohibited and may be unlawful. If you are not the addressee, please promptly delete this message and notify the sender of the delivery error by e-mail or contact MedSynergies, Inc. at postmas...@medsynergies.com.
Re: ANS4174E error
Each backup session backs up some control information, and that information is restored for use during the next backup. (You can see the restores happening if you watch the server during the backup, or if you look in the accounting info.) I'm just guessing, but I suspect that the "data unavailable on server" is because it can't restore that control info. Perhaps some volumes in your disk pool are offline, or the control information has migrated off to tape? If the latter, you need to put these keywords in the dsm.opt on your datamover: VMMCyour-mgmt-class-for-data-goes-here VMCTLMC your-mgmt-class-for-control-info-goes-here The control info mgmt. class should point to a small disk pool that can't migrate to tape. Wanda Prather TSM Consultant ICF International Enterprise and Cybersecurity Systems Division -Original Message- From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of McWilliams, Eric Sent: Wednesday, February 25, 2015 11:16 AM To: ADSM-L@VM.MARIST.EDU Subject: [ADSM-L] ANS4174E error I'm trying to back up some VM's using DP for VM 7.1.1.0 and am getting an error on some of the VM's and the backup is failing. I've asked Uncle Google and can't find much. I would contact IBM support but I get very little help from them as well. 02/25/2015 09:35:07 ANS9351E Data was not available on server and was skipped. 02/25/2015 09:35:07 ANS4174E Full VM backup of VMware Virtual Machine 'Hamilton' failed with RC=14 mode=Incremental Forever - Incremental, target node name='VCENTER_COTX', data mover node name='VCENTER_COTX_DM' 02/25/2015 09:35:08 02/25/2015 09:35:08 ANS1228E Sending of object 'Hamilton' failed. 02/25/2015 09:35:08 ANS1314E File data currently unavailable on server Any help would be greatly appreciated. Thanks, Eric ** *** CONFIDENTIALITY NOTICE *** This message and any included attachments are from MedSynergies, Inc. and are intended only for the addressee. The contents of this message contain confidential information belonging to the sender that is legally protected. Unauthorized forwarding, printing, copying, distribution, or use of such information is strictly prohibited and may be unlawful. If you are not the addressee, please promptly delete this message and notify the sender of the delivery error by e-mail or contact MedSynergies, Inc. at postmas...@medsynergies.com.
Re: Privilege escalation bug
The body of the bulletin I received states that the affected platforms are AIX, HP-UX, Linux, Solaris, and Mac. -Original Message- From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Zoltan Forray Sent: Wednesday, February 25, 2015 12:12 PM To: ADSM-L@VM.MARIST.EDU Subject: Re: [ADSM-L] Privilege escalation bug Does not specifically say if it includes SOLARIS (only says "*UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors.*"). Do I assume since it says "UNIX" SOLARIS is includes? We have some old Domino Solaris boxes (supposed to go away some time soon) still running 6.1.3 On Wed, Feb 25, 2015 at 10:56 AM, Thomas Denier wrote: > I received a security bulletin from IBM yesterday regarding "Tivoli > Storage Manager Stack-based Buffer Overflow Elevation of Privilege: > CVE-2014-6184". The affected version/release combinations listed in > the bulletin run from 5.4 to 6.3. We still have one Linux system with > 5.3 client code. Can I treat the list of affected releases as an > explicit assurance that the 5.3 client does not have the vulnerability > discussed in the bulletin? The alternative possibility that worries me > is that 5.4 is the oldest level IBM thought it worthwhile to check. > > Thomas Denier > Thomas Jefferson University > The information contained in this transmission contains privileged and > confidential information. It is intended only for the use of the > person named above. If you are not the intended recipient, you are > hereby notified that any review, dissemination, distribution or > duplication of this communication is strictly prohibited. If you are > not the intended recipient, please contact the sender by reply email > and destroy all copies of the original message. > > CAUTION: Intended recipients should NOT use email communication for > emergent or urgent health care matters. > -- *Zoltan Forray* TSM Software & Hardware Administrator Hobbit / Xymon Administrator Virginia Commonwealth University UCC/Office of Technology Services zfor...@vcu.edu - 804-828-4807 Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, social security number or confidential personal information. For more details visit http://infosecurity.vcu.edu/phishing.html The information contained in this transmission contains privileged and confidential information. It is intended only for the use of the person named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. CAUTION: Intended recipients should NOT use email communication for emergent or urgent health care matters.
Re: Privilege escalation bug
That is my assumption as well. Fortunately IBM has started renewing Solaris x86 clients again. On Wed, Feb 25, 2015 at 12:11:39PM -0500, Zoltan Forray wrote: > Does not specifically say if it includes SOLARIS (only says "*UNIX, Linux, > and OS X allows local users to gain privileges via unspecified vectors.*"). > Do I assume since it says "UNIX" SOLARIS is includes? We have some old > Domino Solaris boxes (supposed to go away some time soon) still running > 6.1.3 > > > > On Wed, Feb 25, 2015 at 10:56 AM, Thomas Denier > wrote: > > > I received a security bulletin from IBM yesterday regarding "Tivoli > > Storage Manager Stack-based Buffer Overflow Elevation of Privilege: > > CVE-2014-6184". The affected version/release combinations listed in the > > bulletin run from 5.4 to 6.3. We still have one Linux system with 5.3 > > client code. Can I treat the list of affected releases as an explicit > > assurance that the 5.3 client does not have the vulnerability discussed in > > the bulletin? The alternative possibility that worries me is that 5.4 is > > the oldest level IBM thought it worthwhile to check. > > > > Thomas Denier > > Thomas Jefferson University > > The information contained in this transmission contains privileged and > > confidential information. It is intended only for the use of the person > > named above. If you are not the intended recipient, you are hereby notified > > that any review, dissemination, distribution or duplication of this > > communication is strictly prohibited. If you are not the intended > > recipient, please contact the sender by reply email and destroy all copies > > of the original message. > > > > CAUTION: Intended recipients should NOT use email communication for > > emergent or urgent health care matters. > > > > > > -- > *Zoltan Forray* > TSM Software & Hardware Administrator > Hobbit / Xymon Administrator > Virginia Commonwealth University > UCC/Office of Technology Services > zfor...@vcu.edu - 804-828-4807 > Don't be a phishing victim - VCU and other reputable organizations will > never use email to request that you reply with your password, social > security number or confidential personal information. For more details > visit http://infosecurity.vcu.edu/phishing.html -- -- Skylar Thompson (skyl...@u.washington.edu) -- Genome Sciences Department, System Administrator -- Foege Building S046, (206)-685-7354 -- University of Washington School of Medicine
Re: Privilege escalation bug
Does not specifically say if it includes SOLARIS (only says "*UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors.*"). Do I assume since it says "UNIX" SOLARIS is includes? We have some old Domino Solaris boxes (supposed to go away some time soon) still running 6.1.3 On Wed, Feb 25, 2015 at 10:56 AM, Thomas Denier wrote: > I received a security bulletin from IBM yesterday regarding "Tivoli > Storage Manager Stack-based Buffer Overflow Elevation of Privilege: > CVE-2014-6184". The affected version/release combinations listed in the > bulletin run from 5.4 to 6.3. We still have one Linux system with 5.3 > client code. Can I treat the list of affected releases as an explicit > assurance that the 5.3 client does not have the vulnerability discussed in > the bulletin? The alternative possibility that worries me is that 5.4 is > the oldest level IBM thought it worthwhile to check. > > Thomas Denier > Thomas Jefferson University > The information contained in this transmission contains privileged and > confidential information. It is intended only for the use of the person > named above. If you are not the intended recipient, you are hereby notified > that any review, dissemination, distribution or duplication of this > communication is strictly prohibited. If you are not the intended > recipient, please contact the sender by reply email and destroy all copies > of the original message. > > CAUTION: Intended recipients should NOT use email communication for > emergent or urgent health care matters. > -- *Zoltan Forray* TSM Software & Hardware Administrator Hobbit / Xymon Administrator Virginia Commonwealth University UCC/Office of Technology Services zfor...@vcu.edu - 804-828-4807 Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, social security number or confidential personal information. For more details visit http://infosecurity.vcu.edu/phishing.html
Re: Privilege escalation bug
TSM 6.1 and all Version 5 releases are past normal end of support. The security bulletin advises customers with support extensions on 5.4, 5.5, or 6.1 to contact IBM Support. -Original Message- From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Vandeventer, Harold [OITS] Sent: Wednesday, February 25, 2015 11:58 AM To: ADSM-L@VM.MARIST.EDU Subject: Re: [ADSM-L] Privilege escalation bug Is the 5.3 release so old that it is considered "not in support"? -Original Message- From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Thomas Denier Sent: Wednesday, February 25, 2015 9:56 AM To: ADSM-L@VM.MARIST.EDU Subject: [ADSM-L] Privilege escalation bug I received a security bulletin from IBM yesterday regarding "Tivoli Storage Manager Stack-based Buffer Overflow Elevation of Privilege: CVE-2014-6184". The affected version/release combinations listed in the bulletin run from 5.4 to 6.3. We still have one Linux system with 5.3 client code. Can I treat the list of affected releases as an explicit assurance that the 5.3 client does not have the vulnerability discussed in the bulletin? The alternative possibility that worries me is that 5.4 is the oldest level IBM thought it worthwhile to check. Thomas Denier Thomas Jefferson University The information contained in this transmission contains privileged and confidential information. It is intended only for the use of the person named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. CAUTION: Intended recipients should NOT use email communication for emergent or urgent health care matters. [Confidentiality notice:] *** This e-mail message, including attachments, if any, is intended for the person or entity to which it is addressed and may contain confidential or privileged information. Any unauthorized review, use, or disclosure is prohibited. If you are not the intended recipient, please contact the sender and destroy the original message, including all copies, Thank you. ***
Re: Privilege escalation bug
Is the 5.3 release so old that it is considered "not in support"? -Original Message- From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Thomas Denier Sent: Wednesday, February 25, 2015 9:56 AM To: ADSM-L@VM.MARIST.EDU Subject: [ADSM-L] Privilege escalation bug I received a security bulletin from IBM yesterday regarding "Tivoli Storage Manager Stack-based Buffer Overflow Elevation of Privilege: CVE-2014-6184". The affected version/release combinations listed in the bulletin run from 5.4 to 6.3. We still have one Linux system with 5.3 client code. Can I treat the list of affected releases as an explicit assurance that the 5.3 client does not have the vulnerability discussed in the bulletin? The alternative possibility that worries me is that 5.4 is the oldest level IBM thought it worthwhile to check. Thomas Denier Thomas Jefferson University The information contained in this transmission contains privileged and confidential information. It is intended only for the use of the person named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. CAUTION: Intended recipients should NOT use email communication for emergent or urgent health care matters. [Confidentiality notice:] *** This e-mail message, including attachments, if any, is intended for the person or entity to which it is addressed and may contain confidential or privileged information. Any unauthorized review, use, or disclosure is prohibited. If you are not the intended recipient, please contact the sender and destroy the original message, including all copies, Thank you. ***
ANS4174E error
I'm trying to back up some VM's using DP for VM 7.1.1.0 and am getting an error on some of the VM's and the backup is failing. I've asked Uncle Google and can't find much. I would contact IBM support but I get very little help from them as well. 02/25/2015 09:35:07 ANS9351E Data was not available on server and was skipped. 02/25/2015 09:35:07 ANS4174E Full VM backup of VMware Virtual Machine 'Hamilton' failed with RC=14 mode=Incremental Forever - Incremental, target node name='VCENTER_COTX', data mover node name='VCENTER_COTX_DM' 02/25/2015 09:35:08 02/25/2015 09:35:08 ANS1228E Sending of object 'Hamilton' failed. 02/25/2015 09:35:08 ANS1314E File data currently unavailable on server Any help would be greatly appreciated. Thanks, Eric ** *** CONFIDENTIALITY NOTICE *** This message and any included attachments are from MedSynergies, Inc. and are intended only for the addressee. The contents of this message contain confidential information belonging to the sender that is legally protected. Unauthorized forwarding, printing, copying, distribution, or use of such information is strictly prohibited and may be unlawful. If you are not the addressee, please promptly delete this message and notify the sender of the delivery error by e-mail or contact MedSynergies, Inc. at postmas...@medsynergies.com.
Privilege escalation bug
I received a security bulletin from IBM yesterday regarding "Tivoli Storage Manager Stack-based Buffer Overflow Elevation of Privilege: CVE-2014-6184". The affected version/release combinations listed in the bulletin run from 5.4 to 6.3. We still have one Linux system with 5.3 client code. Can I treat the list of affected releases as an explicit assurance that the 5.3 client does not have the vulnerability discussed in the bulletin? The alternative possibility that worries me is that 5.4 is the oldest level IBM thought it worthwhile to check. Thomas Denier Thomas Jefferson University The information contained in this transmission contains privileged and confidential information. It is intended only for the use of the person named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. CAUTION: Intended recipients should NOT use email communication for emergent or urgent health care matters.
Re: TSM v6.3 schema for log table
Seems to be. This is what I get from a "Q LOG F=D" 10:17:31 AM HADES : q log f=d Active Log Directory: /tsmlog Total Space(MB): 65,536 Used Space(MB): 569 Free Space(MB): 64,967 Archive Log Directory: /tsmarchlog Total Size of File System (MB): 201,586.68 Space Used on File System (MB): 18,709.09 Free Space(MB): 182,877.59 Mirror Log Directory: Total Size of File System (MB): Space Used on File System (MB): Free Space(MB): Archive Failover Log Directory: Total Size of File System (MB): Space Used on File System (MB): Free Space(MB): This is a .csv output from TSMManager Database Explorer utility of the LOG table: ACTIVE_LOG_DIR,AFAILOVER_FREE_FS_MB,AFAILOVER_LOG_DIR,AFAILOVER_TOL_FS_MB,AFAILOVER_USED_FS_MB,ARCHLOG_FREE_FS_MB,ARCHLOG_TOL_FS_MB,ARCHLOG_USED_FS_MB,ARCH_LOG_DIR,FREE_SPACE_MB,MIRLOG_FREE_FS_MB,MIRLOG_TOL_FS_MB,MIRLOG_USED_FS_MB,MIRROR_LOG_DIR,TOTAL_SPACE_MB,USED_SPACE_MB, "/tsmlog","","","","","182877.00","201586.00","18709.00","/tsmarchlog","64967.00","","","","","65536.00","569.00", On Wed, Feb 25, 2015 at 9:43 AM, Rhodes, Richard L. < rrho...@firstenergycorp.com> wrote: > The v6.3 schema has the following entries: > > TSMDB1 LOG ACTIVE_LOG_DIR VARCHAR 220 > TSMDB1 LOG AFAILOVER_FREE_FS_MB DECIMAL 10 > TSMDB1 LOG FAILOVER_LOG_DIR VARCHAR 220 > TSMDB1 LOG AFAILOVER_TOL_FS_MB DECIMAL 10 > TSMDB1 LOG AFAILOVER_USED_FS_MB DECIMAL 10 > TSMDB1 LOG ARCHLOG_FREE_FS_MB DECIMAL 10 > TSMDB1 LOG ARCHLOG_TOL_FS_MBDECIMAL 10 > TSMDB1 LOG ARCHLOG_USED_FS_MB DECIMAL 10 > TSMDB1 LOG ARCH_LOG_DIR VARCHAR 220 > TSMDB1 LOG FREE_SPACE_MBDECIMAL 10 > TSMDB1 LOG MIRLOG_FREE_FS_MBDECIMAL 10 > TSMDB1 LOG MIRLOG_TOL_FS_MB DECIMAL 10 > TSMDB1 LOG MIRLOG_USED_FS_MBDECIMAL 10 > TSMDB1 LOG MIRROR_LOG_DIR VARCHAR 220 > TSMDB1 LOG TOTAL_SPACE_MB DECIMAL 10 > TSMDB1 LOG USED_SPACE_MBDECIMAL 10 > > Is this correct - that free_space_mb, total_space_mb, and used_space_mb > apply to active_log_dir?? That is, the MB for these entries are related to > the ACTIVE_LOG_DIR _only_. I assume this because failover, arch and mir > log entries have their own MB entries. > > Thanks > > Rick > > > > - > > The information contained in this message is intended only for the > personal and confidential use of the recipient(s) named above. If the > reader of this message is not the intended recipient or an agent > responsible for delivering it to the intended recipient, you are hereby > notified that you have received this document in error and that any review, > dissemination, distribution, or copying of this message is strictly > prohibited. If you have received this communication in error, please notify > us immediately, and delete the original message. > -- *Zoltan Forray* TSM Software & Hardware Administrator Hobbit / Xymon Administrator Virginia Commonwealth University UCC/Office of Technology Services zfor...@vcu.edu - 804-828-4807 Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, social security number or confidential personal information. For more details visit http://infosecurity.vcu.edu/phishing.html
TSM v6.3 schema for log table
The v6.3 schema has the following entries: TSMDB1 LOG ACTIVE_LOG_DIR VARCHAR 220 TSMDB1 LOG AFAILOVER_FREE_FS_MB DECIMAL 10 TSMDB1 LOG FAILOVER_LOG_DIR VARCHAR 220 TSMDB1 LOG AFAILOVER_TOL_FS_MB DECIMAL 10 TSMDB1 LOG AFAILOVER_USED_FS_MB DECIMAL 10 TSMDB1 LOG ARCHLOG_FREE_FS_MB DECIMAL 10 TSMDB1 LOG ARCHLOG_TOL_FS_MBDECIMAL 10 TSMDB1 LOG ARCHLOG_USED_FS_MB DECIMAL 10 TSMDB1 LOG ARCH_LOG_DIR VARCHAR 220 TSMDB1 LOG FREE_SPACE_MBDECIMAL 10 TSMDB1 LOG MIRLOG_FREE_FS_MBDECIMAL 10 TSMDB1 LOG MIRLOG_TOL_FS_MB DECIMAL 10 TSMDB1 LOG MIRLOG_USED_FS_MBDECIMAL 10 TSMDB1 LOG MIRROR_LOG_DIR VARCHAR 220 TSMDB1 LOG TOTAL_SPACE_MB DECIMAL 10 TSMDB1 LOG USED_SPACE_MBDECIMAL 10 Is this correct - that free_space_mb, total_space_mb, and used_space_mb apply to active_log_dir?? That is, the MB for these entries are related to the ACTIVE_LOG_DIR _only_. I assume this because failover, arch and mir log entries have their own MB entries. Thanks Rick - The information contained in this message is intended only for the personal and confidential use of the recipient(s) named above. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately, and delete the original message.
Re: TSM VE question
Hello Robert, That message is nothing to worry about. Configuring TSM for VE using the IBM-supplied wizard only provisions one VMCLI node, even when there are multiple data movers in the configuration. Regards, __ Matthew McGeary Technical Specialist - Operations PotashCorp T: (306) 933-8921 www.potashcorp.com From: Robert Ouzen To: ADSM-L@VM.MARIST.EDU Date: 02/25/2015 04:44 AM Subject:[ADSM-L] TSM VE question Sent by:"ADSM: Dist Stor Manager" Hi o all I am backing my VMware environment with TSM for VE 7.1.1.0. I have two data movers VMPROXY and VMPROXY2 . My configuration is as: · CLDVCENTER o VMCLI § MYSITE_DATACENTER · LOC_MP_WIN / LOC_MP_LNX o VMPROXY o VMPROXY2 Every time I access thru one of my data mover I see in the actlog this entry: 02/25/2015 11:30:03 ANR1639I Attributes changed for node VMCLI: TCP Name from VMPROXY2 to VMPROXY, TCP Address from XXX.XX.XX.XX to YYY.YY.YY.YY, GUID from xx.xx.xx.xx.xx.xx.xx.xx.xx to yy.yy.yy.yy.yy.yy.yy.yy.yy (SESSION: 109625) I wonder if is the correct configuration (by the way it’s working well) or need another VMCLI Best Regards Robert
TSM VE question
Hi o all I am backing my VMware environment with TSM for VE 7.1.1.0. I have two data movers VMPROXY and VMPROXY2 . My configuration is as: · CLDVCENTER o VMCLI § MYSITE_DATACENTER · LOC_MP_WIN / LOC_MP_LNX o VMPROXY o VMPROXY2 Every time I access thru one of my data mover I see in the actlog this entry: 02/25/2015 11:30:03 ANR1639I Attributes changed for node VMCLI: TCP Name from VMPROXY2 to VMPROXY, TCP Address from XXX.XX.XX.XX to YYY.YY.YY.YY, GUID from xx.xx.xx.xx.xx.xx.xx.xx.xx to yy.yy.yy.yy.yy.yy.yy.yy.yy (SESSION: 109625) I wonder if is the correct configuration (by the way it’s working well) or need another VMCLI Best Regards Robert