CVE Vulnerabilities

CVE-2017-1301

Improper Link Resolution Before File Access ('Link Following')

Published: Oct 05, 2017 | Modified: Oct 25, 2017
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
3.6 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.

Weakness

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Software

Name Vendor Start Version End Version
Tivoli_storage_manager Ibm 6.3.6.100 6.3.6.100
Tivoli_storage_manager Ibm 6.4.2 6.4.2
Tivoli_storage_manager Ibm 7.1.0.1 7.1.0.1
Tivoli_storage_manager Ibm 7.1.5 7.1.5
Tivoli_storage_manager Ibm 6.4.2.100 6.4.2.100
Tivoli_storage_manager Ibm 6.3 6.3
Tivoli_storage_manager Ibm 6.1 6.1
Tivoli_storage_manager Ibm 6.1.5.5 6.1.5.5
Tivoli_storage_manager Ibm 6.3.5.1 6.3.5.1
Tivoli_storage_manager Ibm 7.1.0.2 7.1.0.2
Tivoli_storage_manager Ibm 6.1.5.6 6.1.5.6
Tivoli_storage_manager Ibm 6.4.2.500 6.4.2.500
Tivoli_storage_manager Ibm 6.4.3.1 6.4.3.1
Tivoli_storage_manager Ibm 6.1.3 6.1.3
Tivoli_storage_manager Ibm 7.1.3.1 7.1.3.1
Tivoli_storage_manager Ibm 6.4.3 6.4.3
Tivoli_storage_manager Ibm 7.1.4 7.1.4
Tivoli_storage_manager Ibm 6.1.5.4 6.1.5.4
Tivoli_storage_manager Ibm 6.3.1 6.3.1
Tivoli_storage_manager Ibm 6.3.0.15 6.3.0.15
Tivoli_storage_manager Ibm 6.3.1.2 6.3.1.2
Tivoli_storage_manager Ibm 6.3.5 6.3.5
Tivoli_storage_manager Ibm 7.1.4.2 7.1.4.2
Tivoli_storage_manager Ibm 7.1.0.3 7.1.0.3
Tivoli_storage_manager Ibm 6.3.0.17 6.3.0.17
Tivoli_storage_manager Ibm 7.1.1.1 7.1.1.1
Tivoli_storage_manager Ibm 8.1.0 8.1.0
Tivoli_storage_manager Ibm 6.1.4 6.1.4
Tivoli_storage_manager Ibm 6.4.2.600 6.4.2.600
Tivoli_storage_manager Ibm 6.2.3 6.2.3
Tivoli_storage_manager Ibm 7.1.3.000 7.1.3.000
Tivoli_storage_manager Ibm 6.3.6 6.3.6
Tivoli_storage_manager Ibm 7.1.1.200 7.1.1.200
Tivoli_storage_manager Ibm 6.3.3 6.3.3
Tivoli_storage_manager Ibm 6.3.0.5 6.3.0.5
Tivoli_storage_manager Ibm 7.1.1 7.1.1
Tivoli_storage_manager Ibm 7.1..5.100 7.1..5.100
Tivoli_storage_manager Ibm 7.1.3.2 7.1.3.2
Tivoli_storage_manager Ibm 6.1.2 6.1.2
Tivoli_storage_manager Ibm 6.3.4 6.3.4
Tivoli_storage_manager Ibm 6.1.1 6.1.1
Tivoli_storage_manager Ibm 6.4.2.200 6.4.2.200
Tivoli_storage_manager Ibm 6.3.2.2 6.3.2.2
Tivoli_storage_manager Ibm 6.2.0 6.2.0
Tivoli_storage_manager Ibm 7.1.4.1 7.1.4.1
Tivoli_storage_manager Ibm 6.2.2 6.2.2
Tivoli_storage_manager Ibm 7.1.1.100 7.1.1.100
Tivoli_storage_manager Ibm 6.1.5 6.1.5
Tivoli_storage_manager Ibm 7.1.3 7.1.3
Tivoli_storage_manager Ibm 6.1.0 6.1.0
Tivoli_storage_manager Ibm 7.1.1.300 7.1.1.300
Tivoli_storage_manager Ibm 6.2.4 6.2.4
Tivoli_storage_manager Ibm 7.1.5.200 7.1.5.200
Tivoli_storage_manager Ibm 6.4.1.0 6.4.1.0
Tivoli_storage_manager Ibm 7.1.1.2 7.1.1.2
Tivoli_storage_manager Ibm 7.1.6 7.1.6
Tivoli_storage_manager Ibm 6.2.1 6.2.1
Tivoli_storage_manager Ibm 7.1.3.100 7.1.3.100
Tivoli_storage_manager Ibm 7.1 7.1
Tivoli_storage_manager Ibm 6.4.1 6.4.1
Tivoli_storage_manager Ibm 8.1.0.2 8.1.0.2
Tivoli_storage_manager Ibm 7.1.6.6 7.1.6.6

Potential Mitigations

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

References