Vulnerabilities > CVE-2013-6335 - Improper Preservation of Permissions vulnerability in IBM Tivoli Storage Manager

047910
CVSS 3.3 - LOW
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE

Summary

The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.

Vulnerable Configurations

Part Description Count
Application
Ibm
56
OS
Ibm
1
OS
Linux
1
OS
Hp
1
OS
Oracle
1

Common Weakness Enumeration (CWE)

Nessus

NASL familyMisc.
NASL idTIVOLI_STORAGE_MANAGER_CLIENT_7102.NASL
descriptionThe version of Tivoli Storage Manager Client installed on the remote Linux host is affected by an unauthorized file access vulnerability. A flaw exists with the Tivoli Backup-Archive client when restoring Space Management file metadata. A local attacker can exploit this flaw to gain access to the restored files.
last seen2020-06-01
modified2020-06-02
plugin id77529
published2014-09-04
reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/77529
titleIBM Tivoli Storage Manager Client Metadata Local File Access Information Disclosure