Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM7787D5AE3EF1E6BB46CF9AB3F6AC97AAC2017E06C1450A09CD08E9DCD81FC176
HistoryJun 17, 2018 - 2:55 p.m.

Security Bulletin: Tivoli Storage Manager UNIX and Linux Client Local Escalation of Privilege Security Vulnerability (CVE-2014-4813)

2018-06-1714:55:51
www.ibm.com
16

EPSS

0

Percentile

5.1%

JSON

Summary

Local escalation of privilege security vulnerability in Tivoli Storage Manager UNIX and Linux clients.

Vulnerability Details

CVEID:_ _CVE-2014-4813
DESCRIPTION:
IBM Tivoli Storage Manager (TSM) UNIX and Linux clients could allow a local attacker to increase their privileges caused by a race condition. An attacker could exploit this vulnerability to obtain root level access.

CVSS Base Score: 6.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95389&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C )

Affected Products and Versions

  • TSM Client 7.1.0.0 through 7.1.0.x
  • TSM Client 6.4.0.0 through 6.4.2.0
  • TSM Client 6.3.0.0 through 6.3.2.2
  • TSM Client 6.2.0.0 through 6.2.5.3
  • TSM Client 6.1.0.0 through 6.1.5.6
  • TSM Client 5.5.0.0 through 5.5.4.3
  • TSM Client 5.4.0.0 through 5.4.3.6

Remediation/Fixes

TSM Release

| First Fixing VRMF Level|Client Platform|APAR|Link to fix
—|—|—|—|—
7.1

| 7.1.1

| AIX
HP-UX
Linux
Solaris
Mac| IT04140

| <http://www-01.ibm.com/support/docview.wss?uid=swg21667934&gt;

6.4| 6.4.2.1| AIX
HP-UX
Linux
Solaris
Mac| IT04140| <http://www-01.ibm.com/support/docview.wss?uid=swg24038504&gt;
6.3

| 6.3.2.3

| AIX
HP-UX
Linux
Solaris
Mac| IT04140

| <http://www-01.ibm.com/support/docview.wss?uid=swg24037930&gt;

6.2| 6.2.5.4| AIX
HP-UX
Linux
Solaris
Mac| IT04140| <http://www.ibm.com/support/docview.wss?uid=swg24036287&gt;
6.1| 6.1.5.7| AIX
HP-UX
Linux
Solaris
Mac| IT04140| Customers with support extensions on 6.1 should contact IBM Support.
5.5| 5.5.4.4| AIX
HP-UX
Linux
Solaris
Mac| IT04140| Customers with support extensions on 5.5 should contact IBM Support.
5.4| 5.4.3.7| AIX
HP-UX
Linux
Solaris
Mac| IT04140| Customers with support extensions on 5.4 should contact IBM Support.
7.1 B/A clients in 7.1 TSM for Space Mangement package| 7.1.1| AIX
Linux x86| IT04140| <http://www.ibm.com/support/docview.wss?uid=swg24039451&gt;
6.4 B/A clients in 6.4 TSM for Space Mangement package| 6.4.2.1| AIX
Linux x86| IT04140| <http://www.ibm.com/support/docview.wss?uid=swg24039454&gt;
6.3 B/A clients in 6.3 TSM for Space Management package| 6.3.2.3| AIX
Linux x86| IT04140| <http://www.ibm.com/support/docview.wss?uid=swg24038153&gt;
6.2 B/A clients in 6.2 TSM for Space Management package| 6.2.5.4| AIX
Linux x86| IT04140| http://www.ibm.com/support/docview.wss?uid=swg24036287
6.1 B/A clients in 6.1 TSM for Space Management package| 6.1.5.7| HP-UX
Solaris| IT04140| <http://www.ibm.com/support/docview.wss?uid=swg24031758&gt;
6.1 B/A clients in 6.1 TSM for Space Management package| none, beyond support| AIX
Linux x86|
| Upgrade to fixing level or apply workaround.
5.5 and lower B/A clients and 5.5 and lower TSM Space Management | none, beyond support| AIX
Linux x86
HP-UX
Solaris|
| Upgrade to fixing level or apply workaround.

Workarounds and Mitigations

Remove the Trusted Communications Agent (TCA), module dsmtca, from the TSM client machine. This will disable all non root users from running the TSM Client.

Related

cvelist 1
cve 1
prion 1
nvd 1
cvelist
cvelist
CVE-2014-4813
2015-02-13 02:00:00
cve
cve
CVE-2014-4813
2015-02-13 02:59:03
prion
prion
Race condition
2015-02-13 02:59:00
nvd
nvd
CVE-2014-4813
2015-02-13 02:59:03

EPSS

0

Percentile

5.1%

JSON
Related for 7787D5AE3EF1E6BB46CF9AB3F6AC97AAC2017E06C1450A09CD08E9DCD81FC176
cvelist1cve1prion1nvd1