IBM Security Bulletin: IBM Spectrum Protect (formerly Tivoli Storage Manager) Unix Clients are vulnerable to unauthorized access to files by non-privileged users (CVE-2017-1301)
IBM Spectrum Protect (formerlyTivoli Storage Manager) Unix Clients may use a symbolic link to provide non-privileged users access to files that require root privileges.
CVE(s): CVE-2017-1301
Affected product(s) and affected version(s):
The following versions of the IBM Spectrum Protect (formerly Tivoli Storage Manager) Client are affected:
- 8.1.0.0 through 8.1.0.2
- 7.1.0.0 through 7.1.6.6 – AIX, HP-UX, Linux x86, and Solaris platforms
7.1.0.0 through 7.1.6.7 – Macintosh platform - 6.4 and below all levels (6.4 and below are EOS)
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2y7TOg3
X-Force Database: http://ift.tt/2y6a6WD
The post IBM Security Bulletin: IBM Spectrum Protect (formerly Tivoli Storage Manager) Unix Clients are vulnerable to unauthorized access to files by non-privileged users (CVE-2017-1301) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2i6yOCi