IBM Tivoli Continuous Data Protection for Files Insecure Default Permissions Vulnerability
BID:26293
Info
IBM Tivoli Continuous Data Protection for Files Insecure Default Permissions Vulnerability
| Bugtraq ID: | 26293 |
| Class: | Access Validation Error |
| CVE: |
CVE-2007-5819 |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 01 2007 12:00AM |
| Updated: | Apr 30 2009 12:06AM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
IBM Tivoli Continuous Data Protection for Files 3.1 |
| Not Vulnerable: | |
Discussion
IBM Tivoli Continuous Data Protection for Files Insecure Default Permissions Vulnerability
IBM Tivoli Continuous Data Protection for Files is prone to an insecure-permissions vulnerability that affects the application's 'Global Download' directory.
Successfully exploiting this issue allows attackers to distribute and execute arbitrary executables to client computers managed by the vulnerable software. This may facilitate the complete compromise of all client computers.
IBM Tivoli Continuous Data Protection for Files 3.1 is vulnerable; other versions may also be affected.
IBM Tivoli Continuous Data Protection for Files is prone to an insecure-permissions vulnerability that affects the application's 'Global Download' directory.
Successfully exploiting this issue allows attackers to distribute and execute arbitrary executables to client computers managed by the vulnerable software. This may facilitate the complete compromise of all client computers.
IBM Tivoli Continuous Data Protection for Files 3.1 is vulnerable; other versions may also be affected.
Exploit / POC
IBM Tivoli Continuous Data Protection for Files Insecure Default Permissions Vulnerability
To exploit this issue, attackers place executable content in the affected directory.
To exploit this issue, attackers place executable content in the affected directory.
Solution / Fix
IBM Tivoli Continuous Data Protection for Files Insecure Default Permissions Vulnerability
Solution:
The vendor has released an advisory to address this vulnerability. Please see the references for information on fixing this issue.
Solution:
The vendor has released an advisory to address this vulnerability. Please see the references for information on fixing this issue.
References
IBM Tivoli Continuous Data Protection for Files Insecure Default Permissions Vulnerability
References:
References: