CVE-2013-6335

The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.

Published: Aug 26, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-6335
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.3
AV:L/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-281

Affected Software
References

Software	From	Fixed in
ibm / tivoli_storage_manager	5.1	6.2.5.3
ibm / tivoli_storage_manager	6.3.0	6.3.2
ibm / tivoli_storage_manager	6.4.0	6.4.2
ibm / tivoli_storage_manager	7.1.0.0	7.1.0.3
ibm / tivoli_storage_manager	5.1	6.1.5.6

http://secunia.com/advisories/60482
http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095
http://www-01.ibm.com/support/docview.wss?uid=swg21680453
https://exchange.xforce.ibmcloud.com/vulnerabilities/89054

Vulnerability Database

CVE-2013-6335