CVE-2012-5938 - OpenCVE

The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Conectiva	Linux
Ibm	Infosphere Information Server
Novell	Unixware

Configuration 1 [-]

AND

OR	cpe:2.3:a:ibm:infosphere_information_server:8.1:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.5:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:8.7:::::::*
	cpe:2.3:a:ibm:infosphere_information_server:9.1:::::::*

OR	cpe:2.3:o:conectiva:linux::::::::
	cpe:2.3:o:novell:unixware::::::::

No data.

References

Link	Providers
http://www.ibm.com/support/docview.wss?uid=swg21628844
https://exchange.xforce.ibmcloud.com/vulnerabilities/80493

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2013-03-20T14:00:00

Updated: 2024-08-06T21:21:28.200Z

Reserved: 2012-11-21T00:00:00

Link: CVE-2012-5938

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-03-20T14:55:04.107

Modified: 2017-08-29T01:32:52.137

Link: CVE-2012-5938

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-03-15T00:00:00", "descriptions": [{"lang": "en", "value": "The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "infosphere-file-priv-esc(80493)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80493"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21628844"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-5938", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "infosphere-file-priv-esc(80493)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80493"}, {"name": "http://www.ibm.com/support/docview.wss?uid=swg21628844", "refsource": "CONFIRM", "url": "http://www.ibm.com/support/docview.wss?uid=swg21628844"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:21:28.200Z"}, "title": "CVE Program Container", "references": [{"name": "infosphere-file-priv-esc(80493)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80493"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ibm.com/support/docview.wss?uid=swg21628844"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2012-5938", "datePublished": "2013-03-20T14:00:00", "dateReserved": "2012-11-21T00:00:00", "dateUpdated": "2024-08-06T21:21:28.200Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "317FAE67-76E2-4084-9393-8A02D255BAF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "CA7096B4-291F-49BB-8DBC-E67AC901CF08", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*", "matchCriteriaId": "42A9CF5C-79EC-4BBF-92AF-2AB3DC125684", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "F3BF0A4B-5DDB-420D-B1F2-8C1ED23F60CF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:conectiva:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "C74C8F2C-92F4-4A9F-BF5A-8B5DF1A50DC7", "vulnerable": false}, {"criteria": "cpe:2.3:o:novell:unixware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E2755DC-36FD-4634-B478-CAA9BE504ECF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations."}, {"lang": "es", "value": "El proceso de instalaci\u00f3n en IBM InfoSphere Information Server v8.1, v8.5, v8.7 y v9.1 sobre UNIX y Linux, establece permisos y propietarios incorrectamente, lo que permite a usuarios locales evitar las restricciones de acceso establecidas a trav\u00e9s de de operaciones est\u00e1ndar con archivos."}], "id": "CVE-2012-5938", "lastModified": "2017-08-29T01:32:52.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-03-20T14:55:04.107", "references": [{"source": "psirt@us.ibm.com", "url": "http://www.ibm.com/support/docview.wss?uid=swg21628844"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80493"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}