IBM Tivoli System Automation for Multiplatforms Local Privilege Escalation Vulnerability

IBM Tivoli System Automation for Multiplatforms is prone to a local privilege-escalation vulnerability.

Exploiting this issue allows local attackers to gain elevated privileges.

IBM Tivoli System Automation for Multiplatforms 4.1 and 3.2.2.9 are vulnerable.

Information

Bugtraq ID: 96764
Class: Design Error
CVE: CVE-2017-1134

Remote: No
Local: Yes
Published: Mar 07 2017 12:00AM
Updated: Oct 05 2018 09:00AM
Credit: Martin Carpenter
Vulnerable: IBM Tivoli System Automation for Multiplatforms 3.2.2.9
IBM Tivoli System Automation (TSA) for Multiplatforms 4.1
IBM DB2 Workgroup Server Edition 11.1
IBM DB2 Workgroup Server Edition 10.5
IBM DB2 Workgroup Server Edition 10.1
IBM DB2 Express Edition 11.1
IBM DB2 Express Edition 10.5
IBM DB2 Express Edition 10.1
IBM DB2 Enterprise Server Edition 11.1
IBM DB2 Enterprise Server Edition 10.5
IBM DB2 Enterprise Server Edition 10.1
IBM DB2 Connect Unlimited Edition for System z 10.5
IBM DB2 Connect Unlimited Edition for System z 10.1
IBM DB2 Connect Unlimited Edition for System i 10.5
IBM DB2 Connect Unlimited Edition for System i 10.1
IBM DB2 Connect Enterprise Edition 10.5
IBM DB2 Connect Enterprise Edition 10.1
IBM DB2 Connect Application Server Edition 10.5
IBM DB2 Connect Application Server Edition 10.1
IBM DB2 Advanced Workgroup Server Edition 11.1
IBM DB2 Advanced Workgroup Server Edition 10.5
IBM DB2 Advanced Workgroup Server Edition 10.1
IBM DB2 Advanced Enterprise Server Edition 11.1
IBM DB2 Advanced Enterprise Server Edition 10.5
IBM DB2 Advanced Enterprise Server Edition 10.1

Not Vulnerable:

Exploit

An attacker requires local access to exploit this issue.

References:

• IBM Homepage (IBM)
  
• swg21998459: A security vulnerability has been identified in IBM Reliable Scalab (IBM)
  
• swg22002573: Privilege escalation vulnerability affects IBM® DB2® LUW (CVE-2017- (IBM)
  

Source: www.securityfocus.com