IBM Security Bulletin: IBM Spectrum Protect (formerly Tivoli Storage Manager) Unix Clients are vulnerable to unauthorized access to files by non-privileged users (CVE-2017-1301)

IBM Spectrum Protect (formerlyTivoli Storage Manager) Unix Clients may use a symbolic link to provide non-privileged users access to files that require root privileges.

CVE(s): CVE-2017-1301

Affected product(s) and affected version(s):

The following versions of the IBM Spectrum Protect (formerly Tivoli Storage Manager) Client are affected:

  • 8.1.0.0 through 8.1.0.2
  • 7.1.0.0 through 7.1.6.6 – AIX, HP-UX, Linux x86, and Solaris platforms
    7.1.0.0 through 7.1.6.7 – Macintosh platform
  • 6.4 and below all levels (6.4 and below are EOS)

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2y7TOg3
X-Force Database: http://ift.tt/2y6a6WD

The post IBM Security Bulletin: IBM Spectrum Protect (formerly Tivoli Storage Manager) Unix Clients are vulnerable to unauthorized access to files by non-privileged users (CVE-2017-1301) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2i6yOCi