I wrote a note to the author of the notice since the URL given does not
contain a NetView link -- it is basically the distribution mechanism for
Framework patches but that is not the way NetView distributes e-fixes.
I suggested he follow up with a link to AskTivoli where we could look up
the APAR number. He responded that he referred my note to support but
so far, six days later, that APAR number does not show up in AskTivoli.
I hope there will be more coming on the topic and that the APAR will
soon be entered into the database.
If I were exposed to this, that is I were supporting a lot of customized
traps on a Unix system, I'd give Tivoli Support a call immediately; they
may have the e-fix but the web site update is delayed.
Ardino, Frank J CPC43 wrote:
> I received this notice the other day. Is this something that needs to been
> done ASAP or is there more coming on this? Has anyone had this problem?
>
> This is to notify you of a potential security exposure in the Tivoli
> NetView Distributed product and the Tivoli e-fix that is available to
> correct this exposure.
>
> To avoid any possible exploit of this issue, we suggest that you apply
> an e-fix, available starting August 8th, 2001 on the Tivoli Support web
> site at <http://www.tivoli.com/support/downloads/> Reference the following
> APAR number: IY21527. We also suggest that access to NetView trap
> definitions be carefully controlled.
>
--
Bill Evans -- Consultant in Enterprise Systems Management
reply-to: wvevans@prodigy.net (or Bill_Evans@sra.com)
Phone: 919-696-7513
|