History: Aug 21, 2020 - 5:25 p.m.

Security Bulletin: IBM Connect:Direct for UNIX is Vulnerable to a Privilege Escalation Attack via its ndmauth modules

2020-08-21 17:25:01
www.ibm.com

EPSS: 0.0004 (Low), Percentile: 5.1%

Summary

IBM Sterling Connect:Direct for UNIX could allow a user who is authorized for limited system privileges to exploit a buffer overflow vulnerability in the ndmauth modules, manipulate CD UNIX, and obtain root privileges.

Vulnerability Details

CVEID: CVE-2020-4587
**DESCRIPTION:** IBM Sterling Connect:Direct for UNIX is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root privileges.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/184578 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Connect:Direct for UNIX | 6.1.0 |
| IBM Connect:Direct for UNIX | 6.0.0 |
| IBM Sterling Connect:Direct for UNIX | 4.3.0 |
| IBM Sterling Connect:Direct for UNIX | 4.2.0 |

Remediation/Fixes

| V.R.M.F | APAR | Remediation/First Fix |
| --- | --- | --- |
| 6.1.0 | IT33840 | Apply 6.1.0.0.iFix028, available in cumulative iFix031 on Fix Central |
| 6.0.0 | IT33840 | Apply 6.0.0.2.iFix057, available in cumulative iFix060 on Fix Central |
| 4.3.0 | IT33840 | Apply 4.3.0.1.iFix062, available in cumulative iFix063 on Fix Central |
| 4.2.0 | IT33840 | Apply 4.2.0.5.iFix045, available on Fix Central |

Workarounds and Mitigations

None
