2 matches found
Security Bulletin: User sessions running with root GID in IBM SPSS Modeler (CVE-2014-3038)
Summary IBM SPSS Modeler running on Unix platforms contains a vulnerability that could allow a local attacker to gain access to files that normally would only be available to privileged users. The server authenticates a user and spawns a new process that runs in the context of the authenticated...
CVE-2014-3038
CVE-2014-3038 affects IBM SPSS Modeler 16 on UNIX. The vulnerability arises when a spawned process retains root GID and privileged groups after authentication, allowing a local attacker to access files normally restricted to privileged users by leveraging (1) gid 0 or (2) root’s group memberships...