Privilege escalation vulnerability in an IBM Tivoli Monitoring (ITM) agent could be exploited by a local user to gain elevated privilege of another user. This vulnerability also affects a shared library shipped with all ITM components and agents.
CVEID: CVE-2013-5467
Description: Privilege escalation vulnerability could be exploited by a local user to gain elevated privilege of another user.
CVSS Base Score: 6.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/88370> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Monitoring Agent for UNIX Logs version 6.2.3 through 6.2.3 Fix Pack 04
Monitoring Agent for UNIX Logs version 6.2.2 through 6.2.2 Fix Pack 09
Monitoring Agent for UNIX Logsversion 6.2.1 through 6.2.1 Fix Pack 04
Monitoring Agent for UNIX Logs version 6.2.0 through 6.2.0 Fix Pack 03
Monitoring Agent for UNIX Logs is not shipped as part of ITM 6.30
Utility shipped as part of the monitoring server and a binary shipped as part of the Shared Libraries included with all IBM Tivoli Monitoring components and agents. These are affected only on UNIX and Linux:
Monitoring Server (ms) and Shared Libraries (ax) version 6.3.0 through 6.3.0 Fix Pack 01
Monitoring Server (ms) and Shared Libraries (ax) version 6.2.3 through 6.2.3 Fix Pack 01
Monitoring Server (ms) and Shared Libraries (ax) version 6.2.2 through 6.2.2 Fix Pack 08
Monitoring Server (ms) and Shared Libraries (ax) version 6.2.1 through 6.2.1 Fix Pack 04
Monitoring Server (ms) and Shared Libraries (ax) version 6.2.0 through 6.2.0 Fix Pack 03
The following fixes are for the Monitoring Agent for UNIX Logs:
Fix
| VRMF|How to acquire fix
—|—|—
N/A| 6.3.0| Does not ship in 6.3.0.
6.2.3-TIV-ITM_FP0005| 6.2.3| __<http://www.ibm.com/support/docview.wss?uid=swg24035801>__
6.2.2.9-TIV-ITM_UXLOG-IF0002 | 6.2.2| http://www.ibm.com/support/docview.wss?uid=swg24037225
For versions 6.20 and 6.21, contact IBM Support.
The following fixes are for the utility shipped as part of the monitoring server and the shared library included with all ITM components and agents on UNIX and Linux. Fix | VRMF | How to acquire fix |
---|---|---|
6.3.0-TIV-ITM-FP0002 | 6.3.0 | http://www.ibm.com/support/docview.wss?uid=swg24035402 |
6.2.3-TIV-ITM-FP0002 | 6.2.3 | http://www.ibm.com/support/docview.wss?uid=swg24032429 |
6.2.2-TIV-ITM_FP0009 | 6.2.2 | http://www.ibm.com/support/docview.wss?uid=swg24032067 |
For versions 6.20 and 6.21, contact IBM Support. |
The technote Upgrading Shared Components for IBM Tivoli Monitoring Agents provides instructions on updating the IBM Tivoli Monitoring Shared Libraries for agents not included in the Fix Packs above.
Contact IBM Support for options.