3 matches found
Security Bulletin: IBM Sterling Connect:Direct for UNIX Allows a User with Sudo Access Restricted to Certain Connect:Direct Executable Files to Expand Access Beyond the Restriction (CVE-2018-1903)
Summary UNIX system administrators may grant access to run certain executable files with expanded privilege via the sudo utility. Connect:Direct for UNIX has a vulnerability that could allow a user to escape this sudo executable file restriction and perform unauthorized commands with expanded...
CVE-2018-1903
CVE-2018-1903 affects IBM Sterling Connect:Direct for UNIX versions 6.0.0, 4.3.0, and 4.2.0. The IBM bulletin describes an elevation-of-privilege path where a user with restricted sudo access can manipulate the Connect:Direct UNIX component to gain full sudo privileges. Root cause: exploiting sud...
CVE-2018-1903
IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532...