|
Note September 27, 2007: Security Problem Forces Client Updates
We have been informed of a security exposure in the Tivoli Storage
Manager client software, in a part called the Client Acceptor Daemon.
Because this security hole exists in the client software, rather than
the server software, we cannot fix it. Instead you have to fix it -- you must update to the newest versions of the TSM client for your platform.
The CAD exists in the TSM client on all modern platforms, including
Windows, Macintosh, and all Unix including Linux. This
vulnerability directly applies to all UIC Mac OS X TSM users, and
it could possibly affect any other platform as well. The only platforms
this does not affect are obsolete; the CAD does not run on Windows
95, 98, or Me, or on Mac OS9.
Our own installation Web pages only tell you to use the CAD on Macs. But the IBM manuals for all
platforms do tell you how to use it on all platforms, and some people at UIC have used it on other platforms because it
conserves some resources on your machine. Verifying whether or not you
are using it is somewhat complicated.
We have uploaded the fixed versions to ADSM Download and
ftp.uic.edu.
We strongly urge everyone to install the new client version for their platform
right away. Otherwise your machine is vulnerable to being hacked via the
TSM Client Acceptor Daemon, now that the existence of this security hole
has been published.
In most cases, the new version can simply be installed on top of the
previous version, and all your settings will be saved. You will need to
reboot after upgrading, in order for the automatic scheduler to be
restarted with the new fixed code.
|
