IBM SPSS Modeler 16.0 before 16.0.0.1 on UNIX does not properly drop group privileges, which allows local users to bypass intended file-access restrictions by leveraging (1) gid 0 or (2) roots group memberships.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Spss_modeler | Ibm | 16.0.0.0 (including) | 16.0.0.0 (including) |