Buffer overflows are possible in IBM Rational ClearCase, which could lead to privilege escalation on a VOB or view server host or a CCRC WAN server.
CVE ID: CVE-2014-0829
Description:
Buffer overflows are possible in IBM Rational ClearCase, which could lead to privilege escalation on a VOB or view server host or a CCRC WAN server. They could lead to remote code execution as root on a UNIX or Linux VOB or view server, and remote code execution as a logged-in user on a CCRC WAN server.
CVSS Base Score: 6.0
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90568> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P)
IBM Rational ClearCase versions 7.0.0, 7.0.1 (all fix packs), 7.1.1 (all fix packs), 7.1.2 through 7.1.2.12, 8.0.0 through 8.0.0.9, and 8.0.1 through 8.0.1.2
The solution is to upgrade to a newer fix pack of ClearCase. Please see below for information on the fixes available.
Fixes:
Systems running 7.1.0, 7.1.1: upgrade to Rational ClearCase Fix Pack 13 (7.1.2.13) for 7.1.2.
Note: 7.1.2.13 inter-operates with all 7.1.1.x systems, and can be installed in the same way as 7.1.1.x fix packs.
For the 7.0.0 and 7.0.1 releases of IBM Rational ClearCase, contact IBM support for additional details on the fix.
For CCRC WAN Server: disable interactive triggers in your VOBs until you have applied a fix.