[WinPartners] Notice of TSM Backup Client Security Vulnerabilities

TSM Systems Team tsm-systems at mit.edu
Fri Sep 28 11:21:13 EDT 2007 

Good Morning.

Information Services and Technology (IS&T) has been notified by IBM Tivoli that two security vulnerabilities exist in the IBM Tivoli Storage Manager (TSM) backup client software Version 5.4.0 and earlier that were previously available from the MIT software distribution web page at http://web.mit.edu/software .

While users most affected are the TSM Macintosh users running scheduled backups (see note 3 below), IS&T recommends all TSM clients update to Version 5.4.1.2 which includes fixes for these security vulnerabilities. 

The MIT software distribution web page, http://web.mit.edu/software , has been updated with this new TSM client release for Linux, Macintosh and Windows. To download other TSM clients, go to:  http://web.mit.edu/tsmsystems/download.html . 

According to IBM, these vulnerabilities affect three client interfaces:

1) Backup-Archive 'server-initiated prompted' scheduling (At MIT, we use the 'client polling' method which is not affected.)

2) The Web client GUI, which uses the CAD (Client Acceptor Daemon)  (At MIT, the TSM web client is not configured for use by default. If you use the TSM web client, you need to upgrade to TSM 5.4.1.2 to avoid having your machine at risk.)

3) Backup-Archive client scheduling using the CAD (CAD managed scheduling)  (At MIT: By default on Macintosh, scheduled backups use the CAD (Client Acceptor Daemon) to initiate the TSM scheduler. Therefore, all Macintosh users that run scheduled backups must upgrade to TSM 5.4.1.2.  Although TSM Windows and Linux/Unix clients have the CAD function available, it is not the default method used for scheduled backups when TSM is installed on those platforms.  If you are using the CAD for scheduled backups, you need to upgrade to TSM 5.4.1.2. If you are not sure, the safest path is to upgrade the TSM client.)   
 
For a detailed summary of this alert, go to http://www-1.ibm.com/support/docview.wss?uid=swg21268775  

If you have questions regarding this TSM alert, please contact tsm-systems at mit.edu . If you need assistance upgrading to TSM 5.4.1.2, please contact the Computing Help Desk at computing-help at mit.edu or (617) 253-1101. 

Respectively,
Dave Kalenderian &
Patrick Whitney

TSM Systems Team
Information Services and Technology
W91-213
tsm-systems at mit.edu

More information about the winpartners mailing list