The security bulletin was updated on 2013-02-07 to indicate that the
issue affects only 6.3.0.x and 6.4.0.0 (see change history section).
=Dave
Remco Post wrote:
>
> since the security bulletin only mentions 6.3 and 6.4, as affected
> levels, it's safe to assume that 5.5, 6.1 and 6.2 are not affe
since the security bulletin only mentions 6.3 and 6.4, as affected levels, it's
safe to assume that 5.5, 6.1 and 6.2 are not affected, otherwise they would
have been mentioned.
On 6 feb. 2013, at 22:18, Roger Deschner wrote:
> Markus, I wonder if you are confusing the two IBM TSM security noit
Markus, I wonder if you are confusing the two IBM TSM security noitices
that were both sent on the same day. The other one, a denial-of-service
exposure in the Classic Scheduler, mentioned v5.5, 6.1, and 6.2, and it
also mentioned several easy workarounds. We circumvented it by SET
SCHEDMODE POLLIN
http://www-01.ibm.com/support/docview.wss?uid=swg21624135
run the scheduler in polling mode you mean… and use the CAD as scheduler…. BTW,
I think both are sound advice anyway…
What worries me more… what is the definition of a supported client level if
that doesn't include fixing security issue
Hi Zoltan,
have a look at the symantec alerts site and secunia. 6.2.5, 6.3.1 and
6.4.0.1 should be fixed, haven´t found much for Solaris though. Workaround
according to IBM: run scheduler in prompted mode (have real fun) or
manage it by cad.
Regards,
Markus
--
Diese E-Mail enthält vertrau
Where did you get this information? When I read the "Security Bulletin" it
only addresses 6.3.x and 6.4.0. Searching for patches I can only find
6.4.0.1 and 6.3.1.0, per the bulletin. None of the older versions have
been updated.
2013/2/5 Markus Engelhard
> Hi Roger,
>
> according to my infos
Hi Roger,
according to my infos, the vulnerability is reported in versions 5.5.0.0
through 5.5.4.x, 6.1.0.0 through 6.1.5.x, 6.2.0.0 through 6.2.4.x, 6.3.0.x,
and 6.4.0.0.
Regards, Markus
--
Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
Informationen. Wenn Sie nicht der richt
In http://www-01.ibm.com/support/docview.wss?uid=swg21624118
(CVE-2013-0472), IBM warned us of a security exposure in the TSM Web
Client. That document says the vulnerable versions are 6.3.0.x and
6.4.0.0, and the fixing versions are 6.3.1.0 and 6.4.0.1.
It does not answer the question whether ver
On Wed, Jun 15, 2011 at 4:30 PM, Thomas Denier <
thomas.den...@jeffersonhospital.org> wrote:
> I have done cross-system restores using a TSM administrator account
> with system privilege, and the TSM client documentation indicates
> that I could have done the same thing if my account had policy pr
-Hans Christian Riksheim wrote: -
>If I have two customers connected to the same TSM-server, customer A
>can retrieve the data of customer B if he gets hold of a TSM admin
>password.
>
>Besides client side encryption, any method to prevent that?
I have done cross-system restores using a T
Hi,
If I have two customers connected to the same TSM-server, customer A can
retrieve the data of customer B if he gets hold of a TSM admin password.
Besides client side encryption, any method to prevent that?
Regards
Hans Chr. Riksheim
Administrator
University of Chicago
773-702-8464
-Original Message-
From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED] On Behalf Of Andrew
Raibeck
Sent: Thursday, October 30, 2008 5:18 AM
To: ADSM-L@VM.MARIST.EDU
Subject: [ADSM-L] TSM client security flash
Hello all,
I am posting this
Hello all,
I am posting this to notify you that IBM has just published a TSM Client
security flash.
There is a buffer overrun security vulnerability in the TSM Client
acceptor daemon (CAD), and also in the TSM Client scheduler if SCHEDMODE
is set to PROMPTED.
Here is the link to the TSM Client
Geoffrey L." <[EMAIL PROTECTED]>
Sent by: "ADSM: Dist Stor Manager" <[EMAIL PROTECTED]>
21.05.2003 07:03
Please respond to "ADSM: Dist Stor Manager"
To: [EMAIL PROTECTED]
cc:
Subject:Re: Client Security
>-Original Message
14 matches
Mail list logo