History: Jul 10, 2018 - 8:34 a.m.

Security Bulletin: Vulnerability in IBM Rational ClearCase remote client with potential for privilege escalation (CVE-2013-5373)

www.ibm.com

EPSS: 0 (percentile: 5.1%)

Summary

A privilege escalation vulnerability exists in the IBM Rational ClearCase remote client command line script.

Vulnerability Details


CVE ID: CVE-2013-5373

**DESCRIPTION:** A file permissions problem with a script installed by default with IBM Rational ClearCase could be exploited by a local user to insert additional commands into the script. These commands would be executed by other users (privileged or unprivileged) that execute the script, leading to privilege escalation.

**CVSS Base Score:** 6.9

**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/86791> for the current score

**CVSS Environmental Score:** Undefined

**CVSS Vector:** (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Affected Products and Versions

Rational ClearCase 8.0.0.3 through 8.0.0.7, and 8.0.1.

Remediation/Fixes

Upgrade to one of the below versions of IBM Rational ClearCase:

Workarounds and Mitigations

Workaround: Remove group and world write permissions from the following two files on all hosts with the RemoteClient installation:

  • /opt/rational/clearcase/RemoteClient/rcleartool
  • /opt/rational/clearcase/RemoteClient/rcleartool.conf

**Mitigation:** Do not execute the script without first examining its contents and those of the associated conf file.
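
The workaround above as a repeatable check, written as an added example that is not part of the IBM bulletin: it audits the two listed files for group or world write bits and, in `fix` mode, removes them. The function names and the `RCLEARTOOL_DIR` and `RCLEARTOOL_MODE` environment variables are assumptions of this example; the directory and file names are the ones given in the bulletin.

```shell
#!/bin/sh
# Added example (not IBM's code): audit/apply the permissions workaround
# for the two RemoteClient files named in the bulletin.

# Succeeds if the path has the group-write or world-write bit set.
# Uses POSIX find -perm so it does not depend on GNU or BSD stat.
is_group_or_world_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# $1 = RemoteClient directory, $2 = "audit" (default) or "fix".
# Prints one status line per file; the return code is the number of
# files that are still group- or world-writable afterwards.
harden_rcleartool() {
    dir=$1 mode=${2:-audit} bad=0
    for name in rcleartool rcleartool.conf; do
        f=$dir/$name
        # Symlinks are skipped on purpose: chmod would change the target.
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "skipped   $f (missing or not a regular file)"
            continue
        fi
        if is_group_or_world_writable "$f"; then
            if [ "$mode" = fix ] && chmod go-w "$f" \
                && ! is_group_or_world_writable "$f"; then
                echo "fixed     $f"
            else
                echo "WRITABLE  $f"
                bad=$((bad + 1))
            fi
        else
            echo "ok        $f"
        fi
    done
    return "$bad"
}

# RCLEARTOOL_DIR and RCLEARTOOL_MODE are hypothetical overrides for this example.
harden_rcleartool "${RCLEARTOOL_DIR:-/opt/rational/clearcase/RemoteClient}" \
    "${RCLEARTOOL_MODE:-audit}" \
    || echo "$? file(s) still group- or world-writable"
```

Run it in the default audit mode on each host with the RemoteClient installation first, then with `RCLEARTOOL_MODE=fix` as a user allowed to change the files' modes.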
