IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. IBM X-Force ID: 125163.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tivoli_storage_manager | Ibm | 6.3.6.100 | 6.3.6.100 |
Tivoli_storage_manager | Ibm | 6.4.2 | 6.4.2 |
Tivoli_storage_manager | Ibm | 7.1.0.1 | 7.1.0.1 |
Tivoli_storage_manager | Ibm | 7.1.5 | 7.1.5 |
Tivoli_storage_manager | Ibm | 6.4.2.100 | 6.4.2.100 |
Tivoli_storage_manager | Ibm | 6.3 | 6.3 |
Tivoli_storage_manager | Ibm | 6.1 | 6.1 |
Tivoli_storage_manager | Ibm | 6.1.5.5 | 6.1.5.5 |
Tivoli_storage_manager | Ibm | 6.3.5.1 | 6.3.5.1 |
Tivoli_storage_manager | Ibm | 7.1.0.2 | 7.1.0.2 |
Tivoli_storage_manager | Ibm | 6.1.5.6 | 6.1.5.6 |
Tivoli_storage_manager | Ibm | 6.4.2.500 | 6.4.2.500 |
Tivoli_storage_manager | Ibm | 6.4.3.1 | 6.4.3.1 |
Tivoli_storage_manager | Ibm | 6.1.3 | 6.1.3 |
Tivoli_storage_manager | Ibm | 7.1.3.1 | 7.1.3.1 |
Tivoli_storage_manager | Ibm | 6.4.3 | 6.4.3 |
Tivoli_storage_manager | Ibm | 7.1.4 | 7.1.4 |
Tivoli_storage_manager | Ibm | 6.1.5.4 | 6.1.5.4 |
Tivoli_storage_manager | Ibm | 6.3.1 | 6.3.1 |
Tivoli_storage_manager | Ibm | 6.3.0.15 | 6.3.0.15 |
Tivoli_storage_manager | Ibm | 6.3.1.2 | 6.3.1.2 |
Tivoli_storage_manager | Ibm | 6.3.5 | 6.3.5 |
Tivoli_storage_manager | Ibm | 7.1.4.2 | 7.1.4.2 |
Tivoli_storage_manager | Ibm | 7.1.0.3 | 7.1.0.3 |
Tivoli_storage_manager | Ibm | 6.3.0.17 | 6.3.0.17 |
Tivoli_storage_manager | Ibm | 7.1.1.1 | 7.1.1.1 |
Tivoli_storage_manager | Ibm | 8.1.0 | 8.1.0 |
Tivoli_storage_manager | Ibm | 6.1.4 | 6.1.4 |
Tivoli_storage_manager | Ibm | 6.4.2.600 | 6.4.2.600 |
Tivoli_storage_manager | Ibm | 6.2.3 | 6.2.3 |
Tivoli_storage_manager | Ibm | 7.1.3.000 | 7.1.3.000 |
Tivoli_storage_manager | Ibm | 6.3.6 | 6.3.6 |
Tivoli_storage_manager | Ibm | 7.1.1.200 | 7.1.1.200 |
Tivoli_storage_manager | Ibm | 6.3.3 | 6.3.3 |
Tivoli_storage_manager | Ibm | 6.3.0.5 | 6.3.0.5 |
Tivoli_storage_manager | Ibm | 7.1.1 | 7.1.1 |
Tivoli_storage_manager | Ibm | 7.1..5.100 | 7.1..5.100 |
Tivoli_storage_manager | Ibm | 7.1.3.2 | 7.1.3.2 |
Tivoli_storage_manager | Ibm | 6.1.2 | 6.1.2 |
Tivoli_storage_manager | Ibm | 6.3.4 | 6.3.4 |
Tivoli_storage_manager | Ibm | 6.1.1 | 6.1.1 |
Tivoli_storage_manager | Ibm | 6.4.2.200 | 6.4.2.200 |
Tivoli_storage_manager | Ibm | 6.3.2.2 | 6.3.2.2 |
Tivoli_storage_manager | Ibm | 6.2.0 | 6.2.0 |
Tivoli_storage_manager | Ibm | 7.1.4.1 | 7.1.4.1 |
Tivoli_storage_manager | Ibm | 6.2.2 | 6.2.2 |
Tivoli_storage_manager | Ibm | 7.1.1.100 | 7.1.1.100 |
Tivoli_storage_manager | Ibm | 6.1.5 | 6.1.5 |
Tivoli_storage_manager | Ibm | 7.1.3 | 7.1.3 |
Tivoli_storage_manager | Ibm | 6.1.0 | 6.1.0 |
Tivoli_storage_manager | Ibm | 7.1.1.300 | 7.1.1.300 |
Tivoli_storage_manager | Ibm | 6.2.4 | 6.2.4 |
Tivoli_storage_manager | Ibm | 7.1.5.200 | 7.1.5.200 |
Tivoli_storage_manager | Ibm | 6.4.1.0 | 6.4.1.0 |
Tivoli_storage_manager | Ibm | 7.1.1.2 | 7.1.1.2 |
Tivoli_storage_manager | Ibm | 7.1.6 | 7.1.6 |
Tivoli_storage_manager | Ibm | 6.2.1 | 6.2.1 |
Tivoli_storage_manager | Ibm | 7.1.3.100 | 7.1.3.100 |
Tivoli_storage_manager | Ibm | 7.1 | 7.1 |
Tivoli_storage_manager | Ibm | 6.4.1 | 6.4.1 |
Tivoli_storage_manager | Ibm | 8.1.0.2 | 8.1.0.2 |
Tivoli_storage_manager | Ibm | 7.1.6.6 | 7.1.6.6 |