-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2009.1150
 A password security vulnerability exists on Tivoli Key Lifecycle Manager V1
                               7 August 2009

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              IBM Tivoli Key Lifecycle Manager
Publisher:            IBM
Operating System:     AIX
                      Linux variants
                      Solaris
                      Windows
Impact/Access:        Administrator Compromise -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2009-2667

Original Bulletin:
   http://www-01.ibm.com/support/docview.wss?uid=swg1IZ56515

- --------------------------BEGIN INCLUDED TEXT--------------------

IZ56515: A POTENTIAL SECURITY VULNERABILITY IDENTIFIED ON TKLM V1 DISTRIBUTED
PLATFORMS ONLY

APAR status

  Closed as program error.

Error description

  Product: TKLM V1 DISTRIBUTED PLATFORMS

  Description: A password security vulnerability exists on Tivoli Key
  Lifecycle Manager V1. This vulnerability applies to the AIX, Linux,
  Solaris, and Windows platforms.

Local fix

  Level 3 to update

Problem summary

  Tivoli Key Lifecycle Manager V1.0 provides an Administrator Userid,
  TKLMAdmin, that authorizes Administrators to view and use the Tivoli Key
  Lifecycle Manager interface. After successfully installing Tivoli Key
  Lifecycle Manager, the documentation states that the Administrator
  password must be changed. If you have not reset or changed this password
  after installation, the potential exists for an unauthorized user who
  knows the installation-time password to gain administrative access to
  your system.

  If the password has been changed, the vulnerability has been mitigated.
  If the password has not been changed, it is recommended that you change
  it immediately. Follow the steps below to change the TKLMAdmin password.

  As the Administrator of the system where Tivoli Key Lifecycle Manager is
  running:

  1. First, back up the
     TIP_HOME/profiles/TIPProfile/config/cells/TIPCell/fileRegistry.xml
     file. Changing the value of the password changes this registry file.

  2. Change the password. ('newpassword' in the commands below refers to
     the new password selected for future use.) Take these steps:

     Windows systems

     a. Start a wsadmin session using the Jython syntax. For example, type:

        TIP_HOME/bin/wsadmin -conntype none -profileName TIPProfile -lang jython

     b. Reset the password for the tklmadmin user ID:

        wsadmin>print AdminTask.changeFileRegistryAccountPassword
          ('-userId tklmadmin -password newpassword')

     c. Save the change and exit:

        wsadmin>print AdminConfig.save()
        wsadmin>exit

     Systems such as Linux or AIX

     a. Start a wsadmin session using the Jython syntax. For example, type:

        TIP_HOME/bin/wsadmin.sh -conntype none -profileName TIPProfile -lang jython

     b. Reset the password for the tklmadmin user ID:

        wsadmin>print AdminTask.changeFileRegistryAccountPassword
          ('-userId tklmadmin -password newpassword')

     c. Save the change and exit:

        wsadmin>print AdminConfig.save()
        wsadmin>exit

  3. Stop and then start the server. See "Starting and stopping the Tivoli
     Key Lifecycle Manager server on distributed systems" in the TKLM
     Installation and Configuration guide (section titled post-installation
     steps) for details.

  4. Verify that you can log in as the specified administrator using the
     new password.

  IBM has also made a fix available which, when installed, requires this
  password to be changed. That fix can be found at Fix Central:
  1.0.0-TIV-TKLM-IF0001A

Problem conclusion

  | interim fix | 1.0.0-TIV-TKLM-IF0001A

Temporary fix

Comments

APAR information

  APAR number                    IZ56515
  Reported component name        KEY LIFECYCLE M
  Reported component ID          5724T6000
  Reported release               100
  Status                         CLOSED PER
  PE                             NoPE
  HIPER                          NoHIPER
  Special Attention              NoSpecatt
  Submitted date                 2009-08-03
  Closed date                    2009-08-03
  Last modified date             2009-08-03

  APAR is sysrouted FROM one or more of the following:

  APAR is sysrouted TO one or more of the following:

Modules/Macros

Publications Referenced

Fix information

  Fixed component name           KEY LIFECYCLE M
  Fixed component ID             5724T6000

Applicable component levels

  R100 PSY UP

Copyright and trademark information

  IBM, the IBM logo and ibm.com are trademarks of International Business
  Machines Corp., registered in many jurisdictions worldwide. Other product
  and service names might be trademarks of IBM or other companies. A
  current list of IBM trademarks is available on the Web at "Copyright and
  trademark information" at www.ibm.com/legal/copytrade.shtml.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the appropriate
person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures.

AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at a
later date, it is recommended that the bulletin is retrieved directly from
the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked
in any way, we encourage you to let us know by completing the secure
National IT Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFKe8eTNVH5XJJInbgRAr8yAJ9TzkKLtzRBVgX4J5zPl/lMDMwxCQCeL7xC
GGCO1exe70beNmROYVH607Q=
=Uw3J
-----END PGP SIGNATURE-----
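Editor's note: the four-step password reset in the IBM text above (back up fileRegistry.xml, run changeFileRegistryAccountPassword and AdminConfig.save in a local wsadmin session, restart, verify) is easy to get half-right, and typing the new password into the interactive wsadmin prompt or on a command line leaves it in shell history or process listings. The script below is an added example written for this note, not IBM's or AusCERT's code. It assumes a Unix host (wsadmin.sh, not the Windows wsadmin) with TIP_HOME set, uses the standard wsadmin "-f scriptfile" option to run the bulletin's two Jython commands non-interactively from an owner-only temporary file, and leaves the server restart and login check as manual steps because the server name and URL are not given in the bulletin. Passwords containing quotes, backslashes or "$" would need escaping that this example does not do.

```shell
#!/bin/sh
# Added example (not IBM code): scripted TKLMAdmin password reset for TKLM V1
# on AIX/Linux/Solaris, following the steps in IBM APAR IZ56515.
# Run as:  TIP_HOME=/opt/IBM/tivoli/tip sh tklm-reset.sh --run
set -eu

# Step 1: copy fileRegistry.xml aside before wsadmin rewrites it.
# $1 = path to fileRegistry.xml; prints the backup path on stdout.
backup_registry() {
    reg=$1
    [ -f "$reg" ] || { echo "registry not found: $reg" >&2; return 1; }
    bak="$reg.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$reg" "$bak"
    echo "$bak"
}

# Step 2b/2c as a Jython file for "wsadmin.sh -f".  The file holds the new
# password, so it is created owner-read/write only (umask 077 in a subshell
# so the caller's umask is untouched).
# $1 = destination file, $2 = user id, $3 = new password
write_reset_script() {
    dest=$1 user=$2 pass=$3
    (
        umask 077
        : > "$dest"
        chmod 600 "$dest"
        cat > "$dest" <<EOF
# Generated: reset the file-registry password and persist the change
print AdminTask.changeFileRegistryAccountPassword('-userId $user -password $pass')
print AdminConfig.save()
EOF
    )
}

main() {
    TIP_HOME=${TIP_HOME:?set TIP_HOME to the Tivoli Integrated Portal install root}
    reg="$TIP_HOME/profiles/TIPProfile/config/cells/TIPCell/fileRegistry.xml"

    bak=$(backup_registry "$reg")
    echo "backup written to $bak"

    # Read the password without echo, never from argv.
    printf 'New tklmadmin password: ' >&2
    stty -echo; read -r pass; stty echo; echo >&2

    script=$(mktemp "${TMPDIR:-/tmp}/tklm-reset.XXXXXX")
    trap 'rm -f "$script"' EXIT INT TERM   # remove the password file even on failure
    write_reset_script "$script" tklmadmin "$pass"

    # Same flags as the bulletin's interactive session, plus -f to run the file.
    "$TIP_HOME/bin/wsadmin.sh" -conntype none -profileName TIPProfile \
        -lang jython -f "$script"

    echo "Done. Now stop and start the TKLM server (step 3) and confirm that"
    echo "tklmadmin can log in with the new password (step 4)."
}

case "${1:-}" in --run) main ;; esac
```

The backup path is printed so it can be restored with a plain copy if the restart in step 3 fails; the generated Jython file is deleted by the trap whether or not wsadmin succeeds.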