
Security Bulletin: Incorrect permissions on CIT files in IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments (CVE-2018-2025)

Published: 2019-12-13 19:41:47
Source: www.ibm.com

CVSS3: 4.4 Medium (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality Impact | Integrity Impact | Availability Impact
---|---|---|---|---|---|---|---
LOCAL | LOW | LOW | NONE | UNCHANGED | LOW | LOW | NONE

CVSS2: 3.6 Low (AV:L/AC:L/Au:N/C:P/I:P/A:N)

Access Vector | Access Complexity | Authentication | Confidentiality Impact | Integrity Impact | Availability Impact
---|---|---|---|---|---
LOCAL | LOW | NONE | PARTIAL | PARTIAL | NONE

Summary

The IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client creates directories/files in the CIT directory that have insecure permissions.

Vulnerability Details

CVEID: CVE-2018-2025
**DESCRIPTION:** IBM Spectrum Protect Client creates directories/files in the CIT subdirectory that are readable and writable by everyone.
CVSS Base score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/155551 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client | 8.1.0.0-8.1.8.0, 7.1.0.0-7.1.8.5
IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware | 8.1.0.0-8.1.8.0, 7.1.0.0-7.1.8.5
IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V | 8.1.0.0-8.1.8.0, 7.1.0.0-7.1.8.0

Remediation/Fixes

Backup-Archive Client Release | First Fixing VRM Level | APAR | Platform | Link to Fix
---|---|---|---|---
8.1 | 8.1.9 | IT27337 | AIX, Linux, Macintosh, Solaris, Windows | <http://www.ibm.com/support/docview.wss?uid=ibm11108473>
7.1 | 7.1.8.6 | IT27337 | AIX, HP-UX, Linux, Macintosh, Solaris, Windows | <http://www.ibm.com/support/docview.wss?uid=swg24044550>

Data Protection for VMware Release | First Fixing VRM Level | APAR | Platform | Link to Fix
---|---|---|---|---
8.1 | 8.1.9 | IT27400 | Linux, Windows | <http://www.ibm.com/support/docview.wss?uid=ibm11072396>
7.1 | 7.1.8.6 | IT27400 | Linux, Windows | See below

Data Protection for VMware 7.1 customers can upgrade to Data Protection for VMware 7.1.8.6 or apply the above 7.1.8.6 client fix.
Data Protection for VMware 7.1.8.6 link:
<https://www.ibm.com/support/docview.wss?uid=swg24044553>
Client 7.1.8.6 link:
<http://www.ibm.com/support/docview.wss?uid=swg24044550>

Data Protection for Hyper-V Release | First Fixing VRM Level | APAR | Platform | Link to Fix
---|---|---|---|---
8.1 | 8.1.9 | IT27401 | Windows | <http://www.ibm.com/support/docview.wss?uid=ibm11072396>
7.1 | | | Windows | See below

Apply the above 7.1.8.6 client fix using the following link:
<http://www.ibm.com/support/docview.wss?uid=swg24044550>

Workarounds and Mitigations

The permissions on the cit/bin/etc folder and files can be modified to be more restrictive.
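The bulletin leaves the mitigation as a one-line instruction. The following POSIX shell script is an added example written for this page; it is not IBM's code and it is not the content of the fix APARs. It audits a directory tree for files and directories whose mode grants write access to group or others (the "read/writable by everyone" condition the bulletin describes), counts them so the check can be scripted into a compliance run, and on request strips only the group/other write bits so that owner permissions and execute bits are preserved. The CIT location differs by platform and installation, so the path is taken as a command-line argument (an assumption of this example) rather than hard-coded; on Windows the equivalent would be done with NTFS ACLs, which this script does not cover.

```shell
#!/bin/sh
# Added example, not IBM's code: audit a directory tree for entries that are
# writable by group or others, and optionally remove those write bits.
# The directory to check is whatever the bulletin's "cit/bin/etc" folder
# resolves to on the host; it is passed as an argument (assumption), e.g.
#   sh cit-perm-audit.sh /opt/tivoli/tsm/client/ba/bin/cit   (placeholder path)

# List every regular file or directory under $1 whose mode grants write
# permission to group (020) or others (002). Symlinks are skipped so that a
# later chmod cannot be redirected through them. Prints "mode path" per hit.
find_loose_perms() {
    find "$1" \( -type f -o -type d \) \( -perm -002 -o -perm -020 \) -exec sh -c '
        for entry; do
            printf "%s %s\n" "$(ls -ld "$entry" | cut -c1-10)" "$entry"
        done' sh {} +
}

# Count such entries; a non-zero result means the workaround is still needed.
count_loose_perms() {
    find "$1" \( -type f -o -type d \) \( -perm -002 -o -perm -020 \) -print | wc -l | tr -d ' '
}

# Remove the group/other write bits while leaving owner permissions and all
# execute bits untouched, so the client (which runs as root) keeps working.
tighten_perms() {
    find "$1" \( -type f -o -type d \) \( -perm -002 -o -perm -020 \) -exec chmod go-w {} +
}

# Stand-alone use: sh cit-perm-audit.sh [--fix] /path/to/cit
if [ $# -gt 0 ]; then
    if [ "$1" = "--fix" ]; then
        shift
        tighten_perms "$1"
    fi
    find_loose_perms "$1"
    echo "group/other-writable entries remaining: $(count_loose_perms "$1")"
fi
```

Running it without `--fix` is a safe read-only check suitable for a scheduled job; a non-zero count after the vendor fix has been applied indicates that something (an installer, a restore, or a manual change) has reopened the permissions. `chmod go-w` is deliberately conservative: it does not touch the owner's bits, so a directory that the product itself needs to write to remains writable for root.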

