IBM Security Bulletin: Unauthorized Access Vulnerability affects IBM Tivoli Storage Manager Client (CVE-2016-2894)

When performing an archive and retrieve operation using a symbolic link, the IBM Tivoli Storage Manager (IBM Spectrum Protect) Client could allow a local user to access files they are otherwise not allowed to access.

CVE(s): CVE-2016-2894

Affected product(s) and affected version(s):

The following levels of IBM Tivoli Storage Manager (IBM Spectrum Protect) Client are affected:

  • 7.1.0.0 through 7.1.4.x
    (Note there is no 7.1.5)
  • 6.4.0.0 through 6.4.3.2
  • 6.3.0.0 through 6.3.2.5
  • 6.2, 6.1, and 5.5 all levels (these releases are EOS)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/29754yj
X-Force Database: http://ift.tt/29tktaN



from IBM Product Security Incident Response Team http://ift.tt/2974yR5