Lucene search

IbmCVE-2015-7442

HistoryJan 02, 2016 - 5:59 a.m.

CVE-2015-7442

2016-01-0205:59:07

CWE-264

ibm

web.nvd.nist.gov

ibm

installation manager

cve-2015-7442

security vulnerability

local users

privileges

trojan horse

/tmp

pid

nvd

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

5.1%

JSON

consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value.

Affected configurations

Nvd

Node

ibminstallation_managerMatch1.7.4.3

ibminstallation_managerMatch1.8.0.0

ibminstallation_managerMatch1.8.1.0

ibminstallation_managerMatch1.8.2.0

ibminstallation_managerMatch1.8.2.1

ibminstallation_managerMatch1.8.3.0

ibmpackaging_utilityRange≤1.7.4.3

ibmpackaging_utilityMatch1.8.0.0

ibmpackaging_utilityMatch1.8.1.0

ibmpackaging_utilityMatch1.8.2.0

ibmpackaging_utilityMatch1.8.2.1

ibmpackaging_utilityMatch1.8.3.0

VendorProductVersionCPE
ibminstallation_manager1.7.4.3cpe:2.3:a:ibm:installation_manager:1.7.4.3:*:*:*:*:*:*:*
ibminstallation_manager1.8.0.0cpe:2.3:a:ibm:installation_manager:1.8.0.0:*:*:*:*:*:*:*
ibminstallation_manager1.8.1.0cpe:2.3:a:ibm:installation_manager:1.8.1.0:*:*:*:*:*:*:*
ibminstallation_manager1.8.2.0cpe:2.3:a:ibm:installation_manager:1.8.2.0:*:*:*:*:*:*:*
ibminstallation_manager1.8.2.1cpe:2.3:a:ibm:installation_manager:1.8.2.1:*:*:*:*:*:*:*
ibminstallation_manager1.8.3.0cpe:2.3:a:ibm:installation_manager:1.8.3.0:*:*:*:*:*:*:*
ibmpackaging_utility*cpe:2.3:a:ibm:packaging_utility:*:*:*:*:*:*:*:*
ibmpackaging_utility1.8.0.0cpe:2.3:a:ibm:packaging_utility:1.8.0.0:*:*:*:*:*:*:*
ibmpackaging_utility1.8.1.0cpe:2.3:a:ibm:packaging_utility:1.8.1.0:*:*:*:*:*:*:*
ibmpackaging_utility1.8.2.0cpe:2.3:a:ibm:packaging_utility:1.8.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	installation_manager	1.7.4.3	cpe:2.3:a:ibm:installation_manager:1.7.4.3:::::::*
ibm	installation_manager	1.8.0.0	cpe:2.3:a:ibm:installation_manager:1.8.0.0:::::::*
ibm	installation_manager	1.8.1.0	cpe:2.3:a:ibm:installation_manager:1.8.1.0:::::::*
ibm	installation_manager	1.8.2.0	cpe:2.3:a:ibm:installation_manager:1.8.2.0:::::::*
ibm	installation_manager	1.8.2.1	cpe:2.3:a:ibm:installation_manager:1.8.2.1:::::::*
ibm	installation_manager	1.8.3.0	cpe:2.3:a:ibm:installation_manager:1.8.3.0:::::::*
ibm	packaging_utility	*	cpe:2.3:a:ibm:packaging_utility::::::::
ibm	packaging_utility	1.8.0.0	cpe:2.3:a:ibm:packaging_utility:1.8.0.0:::::::*
ibm	packaging_utility	1.8.1.0	cpe:2.3:a:ibm:packaging_utility:1.8.1.0:::::::*
ibm	packaging_utility	1.8.2.0	cpe:2.3:a:ibm:packaging_utility:1.8.2.0:::::::*

Rows per page:

1-10 of 121

References

www-01.ibm.com/support/docview.wss?uid=swg21971295

www.securityfocus.com/bid/77558

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2015-7442