Vulnerabilities > CVE-2013-6335 - Improper Preservation of Permissions vulnerability in IBM Tivoli Storage Manager

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
ibm
CWE-281
nessus

Summary

The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.

Vulnerable Configurations

Part Description Count
Application
Ibm
57
OS
Ibm
1
OS
Linux
1
OS
Hp
1
OS
Oracle
1

Common Weakness Enumeration (CWE)

Nessus

NASL familyMisc.
NASL idTIVOLI_STORAGE_MANAGER_CLIENT_7102.NASL
descriptionThe version of Tivoli Storage Manager Client installed on the remote Linux host is affected by an unauthorized file access vulnerability. A flaw exists with the Tivoli Backup-Archive client when restoring Space Management file metadata. A local attacker can exploit this flaw to gain access to the restored files.
last seen2020-06-01
modified2020-06-02
plugin id77529
published2014-09-04
reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/77529
titleIBM Tivoli Storage Manager Client Metadata Local File Access Information Disclosure