IBM Security Bulletin: DB2 local escalation of privilege vulnerability affects Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-5995)

Tivoli Storage Manager (IBM Spectrum Protect) Server is affected by an IBM DB2 software vulnerability that can result in a local user gaining root level access to which the user is not entitled.

CVE(s): CVE-2016-5995

Affected product(s) and affected version(s):

This vulnerability affects the following IBM Tivoli Storage Manager (IBM Spectrum Protect) Server levels:

  • 7.1.0.0 through 7.1.7.0 on AIX, HP-UX, and Linux platforms only
  • 6.3.0.0 through 6.3.6.0 on Linux platforms only

Note that this vulnerability has been fixed in 8.1.0.0.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2mD7ys7
X-Force Database: http://ift.tt/2ceMBmM

The post IBM Security Bulletin: DB2 local escalation of privilege vulnerability affects Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-5995) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2mDkQVH