IBM Support

IT04251: CONFIDENTIAL DATA EXPOSURE WHEN RESTORING MICROSOFT EXCHANGE MAILBOXES WHICH HAVE THE SAME ALIAS DEFINED CVE-2015-4950

APAR status

  • Closed as program error.

Error description

  • *VULNERABILITY SUMMARY*
    
    In environments with duplicated mailbox aliases, FlashCopy
    Manager for Microsoft Exchange and Data Protection for
    Microsoft Exchange may open and restore the wrong
    mailbox.
    
    *VULNERABILITY DETAILS*
    
    IBM Tivoli Storage FlashCopy Manager, Tivoli Storage Manager for
    Mail, and Tivoli Storage Manager FastBack for Microsoft Exchange
    could allow a local user with elevated privileges to obtain
    sensitive information by manipulating mailbox names that share
    the same alias.
    
    For example:
    
    Mailbox Display Name   Alias
    mailbox1               Sales
    mailbox2               sales
    
    When two mailboxes have the same alias, users may encounter the
    following problems when using affected software:
    
    - the Mailbox Restore Browser interface may populate mailboxes
    with the folders and messages from a different mailbox than
    the one intended
    
    - restoring a mailbox via the CLI interface, using the alias
    instead of the mailbox display name, may restore a different
    mailbox than the one intended
    
    - the mailbox history may not correctly represent the mailboxes
    that share the same alias
    

Local fix

  • Use the Exchange Management Console or PowerShell commands to
    rename the duplicated mailbox alias to a unique value.
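
The following PowerShell is an added example and is not part of the IBM APAR or of the Data Protection for Exchange product. Run in the Exchange Management Shell, it lists mailboxes whose aliases collide (compared case-insensitively, since the APAR's own example treats "Sales" and "sales" as the same alias) and renames all but the first mailbox in each group to a unique alias. The numeric-suffix naming scheme is an assumption for illustration; Set-Mailbox runs with -WhatIf so nothing changes until you remove it.

```powershell
# Added example, not IBM code: detect and rename duplicate Exchange mailbox
# aliases so that Data Protection for Exchange / FlashCopy Manager restores
# resolve to the intended mailbox. Run in the Exchange Management Shell
# with rights to Get-Mailbox and Set-Mailbox.

$mailboxes = Get-Mailbox -ResultSize Unlimited

# The APAR's example lists "Sales" and "sales" as the same alias, so compare
# aliases case-insensitively when looking for collisions.
$collisions = $mailboxes |
    Group-Object -Property { $_.Alias.ToLowerInvariant() } |
    Where-Object { $_.Count -gt 1 }

if (-not $collisions) {
    Write-Host "No duplicate mailbox aliases found."
    return
}

# Case-insensitive set of aliases already in use, so that a renamed alias
# does not itself create a new collision.
$taken = New-Object -TypeName 'System.Collections.Generic.HashSet[string]' `
                    -ArgumentList ([System.StringComparer]::OrdinalIgnoreCase)
$mailboxes | ForEach-Object { [void]$taken.Add($_.Alias) }

foreach ($group in $collisions) {
    Write-Host ("Alias '{0}' is shared by {1} mailboxes:" -f $group.Name, $group.Count)
    $group.Group |
        Format-Table DisplayName, Alias, PrimarySmtpAddress -AutoSize |
        Out-String | Write-Host

    # Keep the first mailbox's alias; give every other mailbox in the group
    # a unique one. The "alias + number" scheme is an assumption of this example.
    foreach ($mbx in ($group.Group | Select-Object -Skip 1)) {
        $n = 1
        do {
            $newAlias = "{0}{1}" -f $mbx.Alias, $n
            $n++
        } while ($taken.Contains($newAlias))
        [void]$taken.Add($newAlias)

        Write-Host ("  {0}: alias '{1}' -> '{2}'" -f $mbx.DisplayName, $mbx.Alias, $newAlias)
        # Remove -WhatIf to apply the rename.
        Set-Mailbox -Identity $mbx.Identity -Alias $newAlias -WhatIf
    }
}
```

After applying the renames, re-run the first half of the script and confirm it reports no collisions before attempting the restore. Note that if an e-mail address policy derives addresses from the alias (the %m variable), renaming the alias can change the mailbox's SMTP addresses, so review PrimarySmtpAddress on the renamed mailboxes afterwards.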
    

Problem summary

  • ****************************************************************
    USERS AFFECTED
    .
    All users of :
    .
    - Tivoli Storage Manager for Mail: Data Protection for Microsoft
    Exchange Server 6.1, 6.3, 6.4, and 7.1
    .
    
    .
    who have more than one mailbox display name using the same
    alias.
    ****************************************************************
    PROBLEM DESCRIPTION
    .
    See ERROR DESCRIPTION
    .
    
    
    For additional details, refer to the security bulleting
    published here:
    http://www.ibm.com/support/docview.wss?uid=swg21963629
    ****************************************************************
    RECOMENDATION:
    .
    Apply fixing level when available. This fix is currently
    projected to be available in:
    .
    
    - Tivoli Storage Manager for Mail: Data Protection for Microsoft
    Exchange Server 6.1.3.6, 6.3.1.3, 6.4.1.4, and 7.1.0.2
    
    - Tivoli Storage FlashCopy Manager for Microsoft Exchange Server
    3.1.1.5, 3.2.1.7, 4.1.1
    .
    
    
    
    
    Note for FlashCopy Manager 2.1 and 2.2 customers: FlashCopy
    Manager customers may install and use a fixed level of the
    Tivoli Storage Manager for Mail: Data Protection for Exchange
    component fix in their environment. The Data Protection for
    Microsoft Exchange fix provides equivalent functionality to
    FlashCopy Manager for Microsoft Exchange when used in FlashCopy
    Manager environment.
    .
    .
    FlashCopy Manager 2.1 customers can use the Data Protection for
    Exchange 6.1.3.6 fix
    .
    FlashCopy Manager 2.2 customers can use the Data Protection for
    Exchange 6.1.3.6 fix
    .
    FlashCopy Manager 3.1 customers can use the Data Protection for
    Exchange 6.3.1.3 fix
    FlashCopy Manager 3.2 customers can use the Data Protection for
    Exchange 6.4.1.4 fix
    .
    Note: This information is subject to change at the discretion of
    IBM.
    ****************************************************************
    

Problem conclusion

  • Data Protection for Microsoft Exchange Server and FlashCopy
    Manager for Microsoft Exchange have been updated to correctly
    handle restoring mailboxes that have duplicated aliases.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT04251

  • Reported component name

    TSM FSB MS EXCH

  • Reported component ID

    5724FSBMX

  • Reported release

    71W

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2014-09-07

  • Closed date

    2014-09-07

  • Last modified date

    2017-01-17

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IT04252

Modules/Macros

  • TDPECXX
    

Fix information

  • Fixed component name

    TDP EXCHANGE WI

  • Fixed component ID

    5698DPXAP

Applicable component levels

  • R71W PSY

       UP

  • R64W PSY

       UP

  • R63W PSY

       UP

Document Information

Modified date:
17 January 2017