CVE-2013-6335

The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.

CVSS v2.0 3.3 LOW

3.3^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 3.4 / Impact : 4.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/60482	Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095	Broken Link
http://www-01.ibm.com/support/docview.wss?uid=swg21680453	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/89054	VDB Entry Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:ibm:tivoli_storage_manager::::::::
	cpe:2.3:a:ibm:tivoli_storage_manager::::::::
	cpe:2.3:a:ibm:tivoli_storage_manager::::::::
	cpe:2.3:a:ibm:tivoli_storage_manager::::::::

OR	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:hp:hp-ux:-:::::::*
	cpe:2.3:o:oracle:solaris:-::::::-:

History

No history.

Information

Published : 2014-08-26 10:55

Updated : 2023-12-10 11:31

NVD link : CVE-2013-6335

Mitre link : CVE-2013-6335

CVE.ORG link : CVE-2013-6335

JSON object : View

Products Affected

oracle

solaris

ibm

tivoli_storage_manager
aix

linux

linux_kernel

hp

hp-ux

CWE

CWE-281

Improper Preservation of Permissions

{"id": "CVE-2013-6335", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-08-26T10:55:04.073", "references": [{"url": "http://secunia.com/advisories/60482", "tags": ["Third Party Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095", "tags": ["Broken Link"], "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680453", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89054", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-281"}]}], "descriptions": [{"lang": "en", "value": "The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations."}, {"lang": "es", "value": "El cliente Backup-Archive en IBM Tivoli Storage Manager (TSM) for Space Management 5.x y 6.x anterior a 6.2.5.3, 6.3.x anterior a 6.3.2, 6.4.x anterior a 6.4.2, y 7.1.x anterior a 7.1.0.3 en Linux y AIX, y 5.x y 6.x anterior a 6.1.5.6 en Solaris y HP-UX, no conserva los permisos de ficheros durante operaciones de copia de seguridad y restauraci\u00f3n, lo que permite a usuarios locales evadir las restricciones de acceso a trav\u00e9s de operaciones est\u00e1ndar del sistema de ficheros."}], "lastModified": "2020-10-29T20:19:57.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89B4022B-3080-418B-8DD9-3ED135B87876", "versionEndExcluding": "6.2.5.3", "versionStartIncluding": "5.1"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F1FDA6C-A387-4DC6-BCBE-7100023AB999", "versionEndExcluding": "6.3.2", "versionStartIncluding": "6.3.0"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C88F7C47-1250-407A-95F8-84B2CDD2AC92", "versionEndExcluding": "6.4.2", "versionStartIncluding": "6.4.0"}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF7B18F8-C8C3-4843-90D7-E33121382017", "versionEndExcluding": "7.1.0.3", "versionStartIncluding": "7.1.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "309050A8-60A5-408E-A1AA-98484F0AC9E5", "versionEndExcluding": "6.1.5.6", "versionStartIncluding": "5.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C"}, {"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "vulnerable": false, "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@us.ibm.com"}