Vulnerabilities > CVE-2013-6335 - Improper Preservation of Permissions vulnerability in IBM Tivoli Storage Manager
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
| NASL family | Misc. |
| NASL id | TIVOLI_STORAGE_MANAGER_CLIENT_7102.NASL |
| description | The version of Tivoli Storage Manager Client installed on the remote Linux host is affected by an unauthorized file access vulnerability. A flaw exists with the Tivoli Backup-Archive client when restoring Space Management file metadata. A local attacker can exploit this flaw to gain access to the restored files. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 77529 |
| published | 2014-09-04 |
| reporter | This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/77529 |
| title | IBM Tivoli Storage Manager Client Metadata Local File Access Information Disclosure |