
Security Bulletin: Buffer overflow vulnerabilities in ClearCase with privilege escalation (CVE-2014-0829)

2018-07-10 08:34:12
www.ibm.com

EPSS: 0.003 (Low), Percentile: 71.1%

Summary

Buffer overflows are possible in IBM Rational ClearCase, which could lead to privilege escalation on a VOB or view server host or a CCRC WAN server.

Vulnerability Details


CVE ID: CVE-2014-0829

Description:
Buffer overflows are possible in IBM Rational ClearCase, which could lead to privilege escalation on a VOB or view server host or a CCRC WAN server. They could lead to remote code execution as root on a UNIX or Linux VOB or view server, and remote code execution as a logged-in user on a CCRC WAN server.

CVSS Base Score: 6.0

CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90568> for the current score

CVSS Environmental Score: Undefined

CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Affected Products and Versions

IBM Rational ClearCase versions 7.0.0, 7.0.1 (all fix packs), 7.1.1 (all fix packs), 7.1.2 through 7.1.2.12, 8.0.0 through 8.0.0.9, and 8.0.1 through 8.0.1.2

Remediation/Fixes

The solution is to upgrade to a newer fix pack of ClearCase. Please see below for information on the fixes available.

Fixes:

For the 7.0.0 and 7.0.1 releases of IBM Rational ClearCase, contact IBM support for additional details on the fix.

Workarounds and Mitigations

For CCRC WAN Server: disable interactive triggers in your VOBs until you have applied a fix.
