A privilege escalation vulnerability exists in the IBM Rational ClearCase remote client command line script.
CVE ID: CVE-2013-5373
**DESCRIPTION:** A file permissions problem with a script installed by default with IBM Rational ClearCase could be exploited by a local user to insert additional commands into the script. These commands would be executed by other users (privileged or unprivileged) that execute the script, leading to privilege escalation.
CVSS Base Score: 6.9
**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/86791> for the current score
**CVSS Environmental Score:** Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Rational ClearCase 8.0.0.3 through 8.0.0.7, and 8.0.1.
Upgrade to one of the below versions of IBM Rational ClearCase:
Workaround: Remove group and world write permissions from the following two files on all hosts with the RemoteClient installation:
/opt/rational/clearcase/RemoteClient/rcleartool
/opt/rational/clearcase/RemoteClient/rcleartool.conf
**Mitigation:** Do not execute the script without first examining its contents and those of the associated conf file.
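The workaround above as a POSIX shell script, added here as an example and not taken from IBM's bulletin: it checks the two named files for group or world write bits and removes them where set. The function names and the `--apply` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit and apply the bulletin's permission workaround.
# Paths are the two files named in the bulletin.
RC_DIR=/opt/rational/clearcase/RemoteClient

# is_go_writable FILE: succeeds if FILE has the group or world write bit set.
# -L makes find test the target of a symlink, which is what chmod changes.
is_go_writable() {
    [ -n "$(find -L "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# harden_files FILE...: remove g+w and o+w where set, then re-check.
# Returns non-zero if any file is still group/world writable afterwards.
harden_files() {
    rc=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "SKIP    $f (not present on this host)"
        elif is_go_writable "$f"; then
            if chmod go-w "$f" && ! is_go_writable "$f"; then
                echo "FIXED   $f"
            else
                echo "FAILED  $f" >&2
                rc=1
            fi
        else
            echo "OK      $f"
        fi
    done
    return "$rc"
}

# Only touch the real installation when asked to explicitly.
if [ "${1:-}" = "--apply" ]; then
    harden_files "$RC_DIR/rcleartool" "$RC_DIR/rcleartool.conf"
fi
```

A `FIXED` line means the file was writable by other local users until now, so the bulletin's mitigation still applies: examine the script and its conf file before anyone runs it again.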