History: Jun 17, 2018 - 3:35 p.m.

Security Bulletin: DB2 local escalation of privilege vulnerability affects Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-5995)

2018-06-17 15:35:34
www.ibm.com

EPSS: 0.001 (Percentile: 17.6%)

Summary

Tivoli Storage Manager (IBM Spectrum Protect) Server is affected by an IBM DB2 software vulnerability that can result in a local user gaining root level access to which the user is not entitled.

Vulnerability Details

CVEID: CVE-2016-5995
DESCRIPTION: DB2 for Linux, Unix and Windows is vulnerable to a privilege escalation due to code being built with binaries with libraries in insecure locations. A local user could place a malicious library in a location that a SETGID or SETUID binary would execute and gain root level access.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/116653 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
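
The description above turns on whether a local user can write to a location that a SETUID or SETGID binary loads libraries from. The following is an added example, not IBM's code or tooling: a generic Python audit that flags a library directory when it, or any parent directory, is owned by an untrusted uid or writable by group or other. The function names, the `trusted_uids` default and the policy of treating group write access as unsafe are assumptions of this example, and it does not reproduce the specific DB2 defect.

```python
import os
import stat
import sys


def unsafe_reason(entry, stat_fn=os.stat, trusted_uids=(0,)):
    """Return why a library directory is unsafe for a SETUID/SETGID binary,
    or None when the entry and every parent directory look safe."""
    if not entry or not os.path.isabs(entry):
        return "relative or empty entry, resolved against the caller's working directory"
    current = os.path.normpath(entry)
    # Until an existing directory is seen, whoever can write to the next
    # existing parent can create the missing part of the path themselves.
    exposed = True
    while True:
        try:
            st = stat_fn(current)
        except (FileNotFoundError, NotADirectoryError):
            st = None
        if st is not None:
            if st.st_uid not in trusted_uids:
                return f"{current}: owned by untrusted uid {st.st_uid}"
            loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
            sticky = st.st_mode & stat.S_ISVTX
            # A sticky parent (such as /tmp) protects existing children from
            # replacement, but not the directory's own contents.
            if loose and (exposed or not sticky):
                return f"{current}: writable by group or other"
            exposed = False
        parent = os.path.dirname(current)
        if parent == current:
            return None
        current = parent


def audit(entries, **kwargs):
    """Map each unsafe entry to its reason; safe entries are omitted."""
    findings = {e: unsafe_reason(e, **kwargs) for e in entries}
    return {e: why for e, why in findings.items() if why}


if __name__ == "__main__":
    # Assumed workflow: pass the directories to check as command-line arguments.
    for entry, why in audit(sys.argv[1:]).items():
        print(f"UNSAFE {entry!r}: {why}")
```

The entries to check would typically be the library search directories recorded in the privileged binary, for example the RPATH/RUNPATH values shown by `readelf -d`. The walk is by path string, so symlinked parents should be resolved before they are passed in.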

Affected Products and Versions

This vulnerability affects the following IBM Tivoli Storage Manager (IBM Spectrum Protect) Server levels:

  • 7.1.0.0 through 7.1.7.0 on AIX, HP-UX, and Linux platforms only
  • 6.3.0.0 through 6.3.6.0 on Linux platforms only

Note that this vulnerability has been fixed in 8.1.0.0.


Remediation/Fixes

Tivoli Storage Manager Server Release | Fixing VRM Level | Platform | Link to Fix / Fix Availability Target
---|---|---|---
7.1 | 7.1.7.100 | AIX, HP-UX, Linux | https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/Tivoli+Storage+Manager&release=7.1.7.100&platform=All&function=all
6.3 | 6.3.6.100 | Linux | https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/Tivoli+Storage+Manager&release=6.3.6.100&platform=All&function=all

Workarounds and Mitigations

None
