Flashes (Alerts)
Abstract
Due to a problem in the Data Protection for Exchange and FlashCopy Manager for Exchange components, once a mailbox is restored into a .PST file, each individual .PST file will be created as expected, but the contents of that .PST file may not be the contents associated with that mailbox name.
Content
VULNERABILITY DETAILS:
DESCRIPTION:
When a Microsoft Exchange email user accidentally deletes an email, folder, or other information from their mailbox, the Microsoft Exchange Administrator can recover these items by restoring the entire user mailbox from backup into a .PST file using either:
- Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server, or
- Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server
Once the mailbox is restored into a .PST file, the mailbox owner can then use Microsoft Outlook to access the contents of the .PST file as a "Local Copy" of their mail file.
When restoring multiple mailboxes via a single restore operation, the result should be one .PST file per mailbox, named after the mailbox, with the respective mailbox contents restored into that file.
Instead, when performing a restore of multiple mailboxes via a single restore operation, each individual .PST file will be created as expected, but the contents of that .PST file may not be the contents associated with that mailbox name.
Therefore, if the Microsoft Exchange Administrator did not discover the restore problem before distributing the .PST files to the respective mailbox owners, the .PST file recipient may receive mailbox contents other than their own.
CVEID: CVE-2013-3976
CVSS Base Score: 1.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/84881 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:S/C:P/I:N/A:N)
AFFECTED PRODUCTS AND VERSIONS:
- Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 and 6.3
- Tivoli Storage FlashCopy Manager: FlashCopy Manager for Microsoft Exchange Server 2.1, 2.2, and 3.1
REMEDIATION:
Data Protection for Microsoft Exchange Version | First Fixing VRMF Level | APAR | Link to Fix or Other Recommendation |
6.3 | 6.3.1 | IC81223 | ftp://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/tivoli-data-protection/ntexch/v631/windows/ |
6.1 | 6.1.3.4 | IC81223 | ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/tivoli-data-protection/ntexch/v613/ |

FlashCopy Manager for Microsoft Exchange Version | First Fixing VRMF Level | APAR | Link to Fix or Other Recommendation |
3.1 | 3.1.1 | IC81223 | Note that 3.1.1 is no longer available for download. You can download 3.2.1 to obtain this fix: ftp://public.dhe.ibm.com/storage/tivoli-storage-flashcopymanager/maintenance/v3r2/windows/v321/ |
2.2 | N/A | IC81223 | |
2.1 | N/A | IC81223 | |
WORKAROUND(S):
Perform restore operations to .PST files by specifying only one mailbox name per operation.
MITIGATION(S):
See Workaround above.
REFERENCES:
Complete CVSS Guide
On-line Calculator V2
CVE-2013-3976
X-Force Vulnerability Database https://exchange.xforce.ibmcloud.com/vulnerabilities/84881
ACKNOWLEDGEMENT
None
CHANGE HISTORY
19 July 2013: Original Copy Published
05 February 2018: FlashCopy Manager 3.1.1 fix is no longer available for download; updated link to point to 3.2.1
*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the References section of this Flash.
Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
Document Information
Modified date:
25 September 2022
UID
swg21644407