IBM PowerVC 'api-paste.ini' Multiple Insecure File Permissions Vulnerabilities

Bugtraq ID:	69437
Class:	Design Error
CVE:	CVE-2014-3093
Remote:	No
Local:	Yes
Published:	Aug 25 2014 12:00AM
Updated:	Sep 01 2014 12:13AM
Credit:	Vendor reported this issue.
Vulnerable:
Not Vulnerable:

IBM PowerVC 'api-paste.ini' Multiple Insecure File Permissions Vulnerabilities

IBM PowerVC is prone to multiple insecure file-permission vulnerabilities.

A local attacker can exploit these issues by gaining access to the files and extracting sensitive information from it. Information obtained may aid in other attacks.

Following product versions are affected:

PowerVC Express Edition 1.2.0.0 through 1.2.0.2
PowerVC Express Edition 1.2.1.0 through 1.2.1.1
PowerVC Standard Edition 1.2.0.0 through 1.2.0.2
PowerVC Standard Edition 1.2.1.0 through 1.2.1.1

IBM PowerVC 'api-paste.ini' Multiple Insecure File Permissions Vulnerabilities

Attackers can use readily available tools and standard commands to exploit this issue.

IBM PowerVC 'api-paste.ini' Multiple Insecure File Permissions Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

IBM PowerVC 'api-paste.ini' Multiple Insecure File Permissions Vulnerabilities

References: