Lucene search

IBM6583546A7A89E38BD54753232C1261614908CAB219566A0AB9D60A4B2A84FC01

HistorySep 25, 2022 - 8:45 p.m.

Security Bulletin: TSM Client Scheduler Denial Of Service Vulnerability (CVE-2013-0471)

2022-09-2520:45:36

www.ibm.com

ibm tivoli storage manager

denial of service

remote attacker

scheduled backups

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS

0.006

Percentile

78.9%

JSON

Abstract

A Denial of Service vulnerability exists in the IBM Tivoli Storage Manager (TSM) client traditional scheduler

Content

**DESCRIPTION:**A Denial of Service vulnerability in the TSM client traditional scheduler allows a remote attacker to disable the traditional scheduler when it is in Prompted mode (SCHEDMODE=PROMPTED). Once disabled, no more schedules (such as scheduled backups) will be run, and the TSM server log will show that schedules for that node are missed.

**CVEID:*CVE-2013-0471
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81215
for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

AFFECTED PRODUCTS AND VERSIONS:

TSM Client 6.4.0.0
TSM Client 6.3.0.x
TSM Client 6.2.0.0 through 6.2.4.x
TSM Client 6.1.0.0 through 6.1.5.x
TSM Client 5.5.0.0 through 5.5.4.x
all previous releases, which are unsupported

REMEDIATION:

*TSM Release*	*First Fixing VRMF Level*	*Client* *Platform*	*APAR*	*Link to fix*
6.4	6.4.0.1	All	IC87331	http://www.ibm.com/support/docview.wss?uid=swg24034276
6.3	6.3.1.0	All	IC87331	_<http://www.ibm.com/support/docview.wss?uid=swg24034109>_
6.2	6.2.5.0	All	IC87331	<http://www.ibm.com/support/docview.wss?uid=swg24034630>
6.1	None

Upgrade to fixing 6.3 or 6.4 client, or use workarounds
5.5	None

Upgrade to fixing 6.3 or 6.4 client, or use workarounds
5.4 and previous	None

No longer in support
Upgrade to fixing 6.3 or 6.4 client, or use workarounds

Workaround(s):
One of the following:

If using the traditional scheduler, set the SCHEDMODE option value to POLLING, which is the default value, in the client options file or on the command line
Configure the scheduler to be managed by Client Acceptor Daemon (CAD), by specifying ‘MANAGEDSERVICES SCHEDULE’ or ‘MANAGEDSERVICES SCHEDULE WEBCLIENT’ in the client options file

Mitigation(s):
See Workarounds above.

REFERENCES:
· Complete CVSS Guide
· On-line Calculator V2_ _
· CVE-2013-0471__ __
· _X-Force Vulnerability Database __<https://exchange.xforce.ibmcloud.com/vulnerabilities/81215>_

ACKNOWLEDGEMENT
None

CHANGE HISTORY
31 January 2013: Original Copy Published
8 February 2013: Added ‘One of the following:’ to the beginning of the Workaround section, to clarify that either bulleted item is a workaround.
6 June 2013: Added hyperlink to 6.2.5 download
18 August 2015: Fixed link to CVSS doc

_*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash. _

_Note: _According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY

[{“Product”:{“code”:“SSGSG7”,“label”:“Tivoli Storage Manager”},“Business Unit”:{“code”:“BU058”,“label”:“IBM Infrastructure w/TPS”},“Component”:“Client”,“Platform”:[{“code”:“PF025”,“label”:“Platform Independent”}],“Version”:“5.5;6.1;6.2;6.3;6.4”,“Edition”:“”,“Line of Business”:{“code”:“LOB26”,“label”:“Storage”}},{“Product”:{“code”:“SSSR2R”,“label”:“Tivoli Storage Manager for Space Management”},“Business Unit”:{“code”:“BU058”,“label”:“IBM Infrastructure w/TPS”},“Component”:" “,“Platform”:[{“code”:“PF002”,“label”:“AIX”},{“code”:“PF016”,“label”:“Linux”}],“Version”:“5.5;6.1;6.2;6.3;6.4”,“Edition”:”“,“Line of Business”:{“code”:“LOB26”,“label”:“Storage”}},{“Product”:{“code”:“SSSQWC”,“label”:“Tivoli Storage Manager Extended Edition”},“Business Unit”:{“code”:“BU058”,“label”:“IBM Infrastructure w/TPS”},“Component”:“Client”,“Platform”:[{“code”:“PF002”,“label”:“AIX”},{“code”:“PF010”,“label”:“HP-UX”},{“code”:“PF016”,“label”:“Linux”},{“code”:“PF027”,“label”:“Solaris”},{“code”:“PF033”,“label”:“Windows”},{“code”:“PF017”,“label”:“Mac OS”}],“Version”:“6.2;5.5;6.1;6.3;6.4”,“Edition”:”“,“Line of Business”:{“code”:“LOB26”,“label”:“Storage”}},{“Product”:{“code”:“SSAT9S”,“label”:“IBM System Storage Archive Manager”},“Business Unit”:{“code”:“BU058”,“label”:“IBM Infrastructure w/TPS”},“Component”:” “,“Platform”:[{“code”:“PF002”,“label”:“AIX”},{“code”:“PF010”,“label”:“HP-UX”},{“code”:“PF016”,“label”:“Linux”},{“code”:“PF027”,“label”:“Solaris”},{“code”:“PF033”,“label”:“Windows”},{“code”:“PF017”,“label”:“Mac OS”}],“Version”:”“,“Edition”:”",“Line of Business”:{“code”:“LOB26”,“label”:“Storage”}}]

Affected configurations

Vulners

Node

ibmtivoli_storage_managerMatch5.5

ibmtivoli_storage_managerMatch6.1

ibmtivoli_storage_managerMatch6.2

ibmtivoli_storage_managerMatch6.3

ibmtivoli_storage_managerMatch6.4

ibmtivoli_storage_manager_for_space_managementMatch5.5

ibmtivoli_storage_manager_for_space_managementMatch6.1

ibmtivoli_storage_manager_for_space_managementMatch6.2

ibmtivoli_storage_manager_for_space_managementMatch6.3

ibmtivoli_storage_manager_for_space_managementMatch6.4

ibmtivoli_storage_managerMatch6.2

ibmtivoli_storage_managerMatch5.5

ibmtivoli_storage_managerMatch6.1

ibmtivoli_storage_managerMatch6.3

ibmtivoli_storage_managerMatch6.4

ibmsystem_storage_ds3524Matchany

VendorProductVersionCPE
ibmtivoli_storage_manager5.5cpe:2.3:a:ibm:tivoli_storage_manager:5.5:*:*:*:*:*:*:*
ibmtivoli_storage_manager6.1cpe:2.3:a:ibm:tivoli_storage_manager:6.1:*:*:*:*:*:*:*
ibmtivoli_storage_manager6.2cpe:2.3:a:ibm:tivoli_storage_manager:6.2:*:*:*:*:*:*:*
ibmtivoli_storage_manager6.3cpe:2.3:a:ibm:tivoli_storage_manager:6.3:*:*:*:*:*:*:*
ibmtivoli_storage_manager6.4cpe:2.3:a:ibm:tivoli_storage_manager:6.4:*:*:*:*:*:*:*
ibmtivoli_storage_manager_for_space_management5.5cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:5.5:*:*:*:*:*:*:*
ibmtivoli_storage_manager_for_space_management6.1cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:6.1:*:*:*:*:*:*:*
ibmtivoli_storage_manager_for_space_management6.2cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:6.2:*:*:*:*:*:*:*
ibmtivoli_storage_manager_for_space_management6.3cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:6.3:*:*:*:*:*:*:*
ibmtivoli_storage_manager_for_space_management6.4cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:6.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	tivoli_storage_manager	5.5	cpe:2.3:a:ibm:tivoli_storage_manager:5.5:::::::*
ibm	tivoli_storage_manager	6.1	cpe:2.3:a:ibm:tivoli_storage_manager:6.1:::::::*
ibm	tivoli_storage_manager	6.2	cpe:2.3:a:ibm:tivoli_storage_manager:6.2:::::::*
ibm	tivoli_storage_manager	6.3	cpe:2.3:a:ibm:tivoli_storage_manager:6.3:::::::*
ibm	tivoli_storage_manager	6.4	cpe:2.3:a:ibm:tivoli_storage_manager:6.4:::::::*
ibm	tivoli_storage_manager_for_space_management	5.5	cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:5.5:::::::*
ibm	tivoli_storage_manager_for_space_management	6.1	cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:6.1:::::::*
ibm	tivoli_storage_manager_for_space_management	6.2	cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:6.2:::::::*
ibm	tivoli_storage_manager_for_space_management	6.3	cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:6.3:::::::*
ibm	tivoli_storage_manager_for_space_management	6.4	cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:6.4:::::::*