CVE-2013-6335 - OpenCVE

The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:L/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hp	Hp-ux
Ibm	Aix Tivoli Storage Manager
Linux	Linux Kernel
Oracle	Solaris

Configuration 1 [-]

AND

OR	cpe:2.3:a:ibm:tivoli_storage_manager::::::::
	cpe:2.3:a:ibm:tivoli_storage_manager::::::::
	cpe:2.3:a:ibm:tivoli_storage_manager::::::::
	cpe:2.3:a:ibm:tivoli_storage_manager::::::::

OR	cpe:2.3:o:ibm:aix:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:hp:hp-ux:-:::::::*
	cpe:2.3:o:oracle:solaris:-::::::-:

No data.

References

Link	Providers
http://secunia.com/advisories/60482
http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095
http://www-01.ibm.com/support/docview.wss?uid=swg21680453
https://exchange.xforce.ibmcloud.com/vulnerabilities/89054

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2014-08-26T10:00:00

Updated: 2024-08-06T17:39:00.637Z

Reserved: 2013-10-31T00:00:00

Link: CVE-2013-6335

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-08-26T10:55:04.073

Modified: 2020-10-29T20:19:57.827

Link: CVE-2013-6335

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-12T00:00:00", "descriptions": [{"lang": "en", "value": "The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680453"}, {"name": "IC96095", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095"}, {"name": "60482", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60482"}, {"name": "ibm-tsm-cve20136335-info-disc(89054)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89054"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2013-6335", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680453", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680453"}, {"name": "IC96095", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095"}, {"name": "60482", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60482"}, {"name": "ibm-tsm-cve20136335-info-disc(89054)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89054"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:39:00.637Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680453"}, {"name": "IC96095", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095"}, {"name": "60482", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60482"}, {"name": "ibm-tsm-cve20136335-info-disc(89054)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89054"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2013-6335", "datePublished": "2014-08-26T10:00:00", "dateReserved": "2013-10-31T00:00:00", "dateUpdated": "2024-08-06T17:39:00.637Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "89B4022B-3080-418B-8DD9-3ED135B87876", "versionEndExcluding": "6.2.5.3", "versionStartIncluding": "5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F1FDA6C-A387-4DC6-BCBE-7100023AB999", "versionEndExcluding": "6.3.2", "versionStartIncluding": "6.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C88F7C47-1250-407A-95F8-84B2CDD2AC92", "versionEndExcluding": "6.4.2", "versionStartIncluding": "6.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF7B18F8-C8C3-4843-90D7-E33121382017", "versionEndExcluding": "7.1.0.3", "versionStartIncluding": "7.1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*", "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "309050A8-60A5-408E-A1AA-98484F0AC9E5", "versionEndExcluding": "6.1.5.6", "versionStartIncluding": "5.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*", "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C", "vulnerable": false}, {"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*", "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations."}, {"lang": "es", "value": "El cliente Backup-Archive en IBM Tivoli Storage Manager (TSM) for Space Management 5.x y 6.x anterior a 6.2.5.3, 6.3.x anterior a 6.3.2, 6.4.x anterior a 6.4.2, y 7.1.x anterior a 7.1.0.3 en Linux y AIX, y 5.x y 6.x anterior a 6.1.5.6 en Solaris y HP-UX, no conserva los permisos de ficheros durante operaciones de copia de seguridad y restauraci\u00f3n, lo que permite a usuarios locales evadir las restricciones de acceso a trav\u00e9s de operaciones est\u00e1ndar del sistema de ficheros."}], "id": "CVE-2013-6335", "lastModified": "2020-10-29T20:19:57.827", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-08-26T10:55:04.073", "references": [{"source": "psirt@us.ibm.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/60482"}, {"source": "psirt@us.ibm.com", "tags": ["Broken Link"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680453"}, {"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89054"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-281"}], "source": "nvd@nist.gov", "type": "Primary"}]}