IBM Tivoli Storage Manager Client Symlink Cross-User Information Disclosure
Severity: Low
Nessus Plugin ID: 91981

Synopsis
A client application installed on the remote Linux host is affected by a local information disclosure vulnerability.

Description
The version of IBM Tivoli Storage Manager Client installed on the remote Linux host is 5.5.x prior to 18.104.22.168, 6.4.x prior to 22.214.171.124, or 7.1.x prior to 7.1.6. It is, therefore, affected by an information disclosure vulnerability due to creating temporary files insecurely. A local attacker can exploit this, via a symlink created during archive and retrieve actions, to disclose data from arbitrary accounts.

Solution
Upgrade to Tivoli Storage Manager Client version 126.96.36.199 / 188.8.131.52 / 7.1.6 or later.