----------------------------------------------------------------------

2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published

How do you know which Secunia advisories are important to you?

The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.

Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv

----------------------------------------------------------------------

TITLE:
IBM Tivoli Continuous Data Protection for Files Insecure Permissions

SECUNIA ADVISORY ID:
SA27473

VERIFY ADVISORY:
http://secunia.com/advisories/27473/

CRITICAL:
Less critical

IMPACT:
Privilege escalation, System access

WHERE:
Local system

SOFTWARE:
IBM Tivoli Continuous Data Protection for Files 3.x
http://secunia.com/product/16411/

DESCRIPTION:
A security issue has been reported in IBM Tivoli Continuous Data
Protection for Files, which can be exploited by malicious, local
users to compromise other systems.

The problem is caused due to insecure default file permissions being
set on the server's global download directory. This can be exploited
to gain escalated privileges by placing malicious files in the
directory, which will be distributed to and executed on the client
machines.

The security issue is reported in version 3.1. Other versions may
also be affected.

SOLUTION:
The vendor recommends setting proper permissions on the directory to
ensure that only trusted users have write-access.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
APAR IC54264:
http://www-1.ibm.com/support/docview.wss?uid=swg1IC54264

Technote 1272084:
http://www-1.ibm.com/support/docview.wss?uid=swg21272084

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------