
Security Bulletin: IBM Spectrum Protect (formerly Tivoli Storage Manager) Unix Clients are vulnerable to unauthorized access to files by non-privileged users (CVE-2017-1301)

2019-02-07 23:00:01
www.ibm.com

EPSS: 0.0004 (Low), Percentile: 5.1%

Summary

IBM Spectrum Protect (formerly Tivoli Storage Manager) Unix Clients may use a symbolic link to provide non-privileged users access to files that require root privileges.

Vulnerability Details

CVEID: CVE-2017-1301
DESCRIPTION: IBM Spectrum Protect could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/125163 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

The following versions of the IBM Spectrum Protect (formerly Tivoli Storage Manager) Client are affected:

  • 8.1.0.0 through 8.1.0.2
  • 7.1.0.0 through 7.1.6.6 - AIX, HP-UX, Linux x86, and Solaris platforms
    7.1.0.0 through 7.1.6.7 - Macintosh platform
  • 6.4 and below all levels (6.4 and below are EOS)

Remediation/Fixes

| IBM Spectrum Protect (Tivoli Storage Manager) Client Release | Fixing VRM Level | Platform | APAR | Link to Fix / Fix Availability Target |
|---|---|---|---|---|
| 8.1 | 8.1.2 | AIX, Linux x86, Macintosh, Solaris | IT20286 | <http://www.ibm.com/support/docview.wss?uid=swg24043887> |
| 7.1 | 7.1.8 | AIX, HP-UX, Linux x86, Macintosh, Solaris | IT20286 | <http://www.ibm.com/support/docview.wss?uid=swg24043984> |
| 6.4 and below | | | | IBM recommends upgrading to a fixed version (8.1.2 or 7.1.8) of the IBM Spectrum Protect (formerly Tivoli Storage Manager) Client. |
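
The affected ranges and fixing levels above can be turned into a triage check for a client inventory. This is an added example, not IBM's code and not part of the bulletin; the function names, host names and sample inventory are assumptions made for illustration.

```python
# Added example: triage helper built from this bulletin's version tables.
# Function names and the inventory below are constructed for illustration.

# Release stream -> (first affected, last affected, fixing level), per the bulletin.
STREAMS = {(8, 1): ((8, 1, 0, 0), (8, 1, 0, 2), "8.1.2"),
           (7, 1): ((7, 1, 0, 0), (7, 1, 6, 6), "7.1.8")}
MAC_7_1_LAST = (7, 1, 6, 7)  # the Macintosh 7.1 range ends one level later
PLATFORMS = {"aix", "hp-ux", "linux x86", "macintosh", "solaris"}


def parse_version(text):
    """Turn '7.1.6' or '7.1.6.6' into a 4-tuple, padding missing fields with 0."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 4 or any(p < 0 for p in parts):
        raise ValueError(f"unrecognised client version: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def triage(version, platform):
    """Return (affected, note) for one client, using the CVE-2017-1301 ranges."""
    plat = platform.strip().lower()
    if plat not in PLATFORMS:
        raise ValueError(f"platform not covered by this bulletin: {platform!r}")
    v = parse_version(version)
    if v[:2] <= (6, 4):
        # End-of-support streams: every level is affected and gets no in-stream fix.
        return True, "affected; EOS release, upgrade to 8.1.2 or 7.1.8"
    stream = STREAMS.get(v[:2])
    if stream is None:
        return False, "release stream not listed in the bulletin"
    first, last, fix = stream
    if v[:2] == (7, 1) and plat == "macintosh":
        last = MAC_7_1_LAST
    if first <= v <= last:
        return True, f"affected; fixing level {fix}"
    return False, "outside the affected range"


if __name__ == "__main__":
    inventory = [("backup01", "8.1.0.2", "Linux x86"),  # constructed sample hosts
                 ("mac-lab3", "7.1.6.7", "Macintosh"),
                 ("sol-db2", "7.1.6.7", "Solaris"),
                 ("old-aix", "6.3.2.0", "AIX")]
    for host, ver, plat in inventory:
        print(host, ver, plat, *triage(ver, plat))
```

The same level, 7.1.6.7, is reported as affected on Macintosh and as outside the range on Solaris, which is the platform split in the affected-versions list.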

Workarounds and Mitigations

None
