TITLE:
IBM Tivoli Continuous Data Protection for Files Insecure Permissions

SECUNIA ADVISORY ID:
SA27473

VERIFY ADVISORY:
http://secunia.com/advisories/27473/

CRITICAL:
Less critical

IMPACT:
Privilege escalation, System access

WHERE:
Local system

SOFTWARE:
IBM Tivoli Continuous Data Protection for Files 3.x
http://secunia.com/product/16411/

DESCRIPTION:
A security issue has been reported in IBM Tivoli Continuous Data Protection for Files, which can be exploited by malicious, local users to compromise other systems.

The problem is caused due to insecure default file permissions being set on the server's global download directory. This can be exploited to gain escalated privileges by placing malicious files in the directory, which will be distributed to and executed on the client machines.

The security issue is reported in version 3.1. Other versions may also be affected.

SOLUTION:
The vendor recommends setting proper permissions on the directory to ensure that only trusted users have write-access.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
APAR IC54264:
http://www-1.ibm.com/support/docview.wss?uid=swg1IC54264

Technote 1272084:
http://www-1.ibm.com/support/docview.wss?uid=swg21272084
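
Added example, not part of the Secunia advisory or IBM's technote: a PowerShell check for the condition the SOLUTION section describes, listing ACL entries that grant write-type access on a directory to principals outside a trusted list. It assumes a Windows file server; the function name, the trusted list and the path in the usage comment are placeholders, since the advisory does not give the directory's location.

```powershell
# Added example (hypothetical helper, not vendor code).
# Reports Allow ACEs that give write-type access to anyone not in $Trusted.
# It lists grants only; it does not compute effective access after Deny ACEs,
# so treat every row as something to review.
function Get-UntrustedWriteAce {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumed trusted principals; adjust to the site's own admin groups.
        [string[]] $Trusted = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM'),
        [switch] $Recurse
    )

    # Rights that allow creating, altering or removing content, or changing
    # the ACL/owner so that such access can be self-granted.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]`
        'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # Inherit-only ACEs can carry raw generic bits instead of specific rights.
    $genericMask = 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

    $targets = @($Path)
    if ($Recurse) {
        $targets += Get-ChildItem -LiteralPath $Path -Recurse -Force |
            ForEach-Object { $_.FullName }
    }

    foreach ($item in $targets) {
        $acl = Get-Acl -LiteralPath $item
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $rights = [int]$ace.FileSystemRights
            $canWrite = ($rights -band $writeMask) -or ($rights -band $genericMask)
            if (-not $canWrite) { continue }
            $id = $ace.IdentityReference.Value
            if ($Trusted -contains $id) { continue }   # case-insensitive match
            [pscustomobject]@{
                Path      = $item
                Identity  = $id
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Usage (placeholder path): any output row is a write grant to review.
# Get-UntrustedWriteAce -Path 'D:\PLACEHOLDER\download-directory' -Recurse
```

Rows marked Inherited come from a parent folder's ACL, so tightening them means changing the parent or disabling inheritance on the directory itself.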