Vigil@nce - IBM TSM: file access on ReFS
February 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can access to files located on a ReFS file system
restored by IBM TSM, in order to read or alter them.
Impacted products: Tivoli Storage Manager
Severity: 2/4
Creation date: 22/01/2014
DESCRIPTION OF THE VULNERABILITY
The ReFS (Resilient File System) file system is supported by
Windows Server 2012 and 8.1.
However, when the Tivoli Storage Manager Windows Client restores a
file on ReFS, its permissions are not restored.
A local attacker can therefore access to files located on a ReFS
file system restored by IBM TSM, in order to read or alter them.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/IBM-TSM-file-access-on-ReFS-14119