First published: Tue Aug 26 2014
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Tivoli Storage Manager | >=5.1 <6.2.5.3 | |
IBM Tivoli Storage Manager | >=6.3.0 <6.3.2 | |
IBM Tivoli Storage Manager | >=6.4.0 <6.4.2 | |
IBM Tivoli Storage Manager | >=7.1.0.0 <7.1.0.3 | |
IBM AIX | | |
Linux Kernel | | |
IBM Tivoli Storage Manager | >=5.1 <6.1.5.6 | |
HPE HP-UX | | |
Oracle Solaris SPARC | | |
CVE-2013-6335 is considered a medium-severity vulnerability due to its impact on file permission preservation.
To fix CVE-2013-6335, upgrade IBM Tivoli Storage Manager to version 6.2.5.3, 6.3.2, 6.4.2, or 7.1.0.3 or later on Linux and AIX, or to 6.1.5.6 or later on Solaris and HP-UX.
CVE-2013-6335 affects multiple versions of IBM Tivoli Storage Manager on Linux, AIX, Solaris, and HP-UX.
The underlying issue in CVE-2013-6335 is the failure to preserve file permissions across backup and restore operations.
If you are using an updated version of Tivoli Storage Manager beyond the specified vulnerable versions, CVE-2013-6335 should no longer be a risk.