CVE-2016-0380
First published: Mon Aug 08 2016(Updated: )
IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Sterling Connect:Direct | =direct-4.1.0.0 | |
| IBM Sterling Connect:Direct | =direct-4.1.0.1 | |
| IBM Sterling Connect:Direct | =direct-4.1.0.2 | |
| IBM Sterling Connect:Direct | =direct-4.1.0.3 | |
| IBM Sterling Connect:Direct | =direct-4.1.0.4 | |
| IBM Sterling Connect:Direct | =direct-4.2.0.0 | |
| IBM Sterling Connect:Direct | =direct-4.2.0.1 | |
| IBM Sterling Connect:Direct | =direct-4.2.0.2 | |
| IBM Sterling Connect:Direct | =direct-4.2.0.3 | |
| IBM Sterling Connect:Direct | =direct-4.2.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-0380?
CVE-2016-0380 is rated as a medium severity vulnerability due to its potential to expose sensitive information to local users.
How do I fix CVE-2016-0380?
To fix CVE-2016-0380, update IBM Sterling Connect:Direct to version 4.1.0.4 iFix073 or 4.2.0.4 iFix003 or later.
What types of systems are affected by CVE-2016-0380?
CVE-2016-0380 affects IBM Sterling Connect:Direct for Unix versions 4.1.0 to 4.1.0.3 and 4.2.0 to 4.2.0.3.
What causes the vulnerability in CVE-2016-0380?
The vulnerability in CVE-2016-0380 is caused by default file permissions of 0664 allowing unauthorized local access to sensitive files.
Is there a workaround for CVE-2016-0380?
A temporary workaround for CVE-2016-0380 is to manually change the file permissions to restrict access until a patch is applied.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm sterling connect:direct
- version/ibm sterling connect:direct/direct-4.1.0.0
- version/ibm sterling connect:direct/direct-4.1.0.1
- version/ibm sterling connect:direct/direct-4.1.0.2
- version/ibm sterling connect:direct/direct-4.1.0.3
- version/ibm sterling connect:direct/direct-4.1.0.4
- version/ibm sterling connect:direct/direct-4.2.0.0
- version/ibm sterling connect:direct/direct-4.2.0.1
- version/ibm sterling connect:direct/direct-4.2.0.2
- version/ibm sterling connect:direct/direct-4.2.0.3
- version/ibm sterling connect:direct/direct-4.2.0.4