IBM Sterling Connect:Direct for UNIX could allow a user who is authorized for limited system privileges to exploit a buffer overflow vulnerability in the ndmauth modules to manipulate CD UNIX and obtain root privileges.
CVEID: CVE-2020-4587
**DESCRIPTION:** IBM Sterling Connect:Direct for UNIX is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root privileges.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184578 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Product(s) | Version(s) |
---|---|
IBM Connect:Direct for UNIX | 6.1.0 |
IBM Connect:Direct for UNIX | 6.0.0 |
IBM Sterling Connect:Direct for UNIX | 4.3.0 |
IBM Sterling Connect:Direct for UNIX | 4.2.0 |

V.R.M.F | APAR | Remediation/First Fix |
---|---|---|
6.1.0 | IT33840 | Apply 6.1.0.0.iFix028, available in cumulative iFix031 on Fix Central |
6.0.0 | IT33840 | Apply 6.0.0.2.iFix057, available in cumulative iFix060 on Fix Central |
4.3.0 | IT33840 | Apply 4.3.0.1.iFix062, available in cumulative iFix063 on Fix Central |
4.2.0 | IT33840 | Apply 4.2.0.5.iFix045, available on Fix Central |
None