The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files, which allows local users to gain privileges by writing to a file.
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
IBM Tivoli Storage Manager 6.3.5 (not an official CPE)
IBM Tivoli Storage Manager 7.1.1
IBM Tivoli Storage Manager 7.1.2 (not an official CPE)
IBM Tivoli Storage Manager 7.1
IBM Tivoli Storage Manager 6.3.5.1 (not an official CPE)
IBM Tivoli Storage Manager 6.3.4 (not an official CPE)
IBM Tivoli Storage Manager 6.3.3 (not an official CPE)
Advisory | Patch | Confirmed | Link |
---|---|---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg2196934... | | | |
1034044 | | | |
Permissions, Privileges, and Access Controls (ID 264)
Related CAPEC 6
Accessing, Modifying or Executing Executable Files (CAPEC-ID 17)
Leverage Executable Code in Non-Executable Files (CAPEC-ID 35)
Blue Boxing (CAPEC-ID 5)
Restful Privilege Elevation (CAPEC-ID 58)
Target Programs with Elevated Privileges (CAPEC-ID 69)
Manipulating Input to File System Calls (CAPEC-ID 76)