===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.0711
Security Bulletin: Elevated privileges vulnerability in Connect:Direct for
                 UNIX on AIX 6.1 and above (CVE-2013-2989)
                                17 May 2013

===========================================================================

--------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Elevated privileges vulnerability in Connect:Direct for UNIX 
on AIX 6.1 and above (CVE-2013-2989)

Flash (Alert)

Document information

Sterling Connect:Direct for UNIX

Software version:
3.8, 4.0, 4.1

Operating system(s):
AIX

Reference #:
1637561

Modified date:
2013-05-14

Abstract

A user who has been successfully authenticated by Connect:Direct for UNIX 
executes Connect:Direct's file copying functionality with elevated file system 
privileges.

Content

VULNERABILITY DETAILS:

CVE ID: CVE-2013-2989

DESCRIPTION: A user who has been successfully authenticated by Connect:Direct 
for UNIX executes Connect:Direct for UNIX's file copying functionality with 
elevated file system privileges. An authenticated user can exploit the 
vulnerability to bypass file system permissions: the user can read a file 
without having read permission and overwrite a file without having write 
permission. The vulnerability only occurs on AIX 6.1 and above.
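The defect class described above is a privileged service copying files on a user's behalf without first taking on that user's credentials. As an added illustration (not IBM's code and not the actual Connect:Direct fix), the C below performs the copy in a child process after dropping to the authenticated user's uid/gid, so the kernel's own permission checks decide whether the source may be read and the destination written. The /tmp paths and file content in the self-check are constructed.

```c
/* Added example (not IBM's code): copy under the authenticated user's credentials. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static int copy_fd(int in, int out) {
    char buf[8192];
    for (ssize_t n; (n = read(in, buf, sizeof buf)) != 0; ) {
        if (n < 0) return -1;
        for (ssize_t off = 0, w; off < n; off += w)
            if ((w = write(out, buf + off, (size_t)(n - off))) < 0) return -1;
    }
    return 0;
}

/* Returns 0 on success, -1 if the copy failed under the user's own
 * credentials (for example EACCES on a source the user may not read). */
int copy_file_as_user(uid_t uid, gid_t gid, const char *src, const char *dst) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Drop privileges permanently; any failure aborts the copy rather than
         * continuing as root. setgroups needs root, so call it only then. */
        if (getuid() == 0 && setgroups(0, NULL) < 0) _exit(2);
        if (setgid(gid) < 0 || setuid(uid) < 0) _exit(2);
        int in = open(src, O_RDONLY);
        int out = in < 0 ? -1 : open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0600);
        _exit(in >= 0 && out >= 0 && copy_fd(in, out) == 0 ? 0 : 3);
    }
    int status; if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0 ? 0 : -1;
}

/* Self-check on constructed /tmp files: copy as the current user, verify content,
 * then confirm a missing source is reported as failure. Returns 1 on success. */
int demo(void) {
    const char *src = "/tmp/cd_ex_src.txt", *dst = "/tmp/cd_ex_dst.txt";
    const char *text = "constructed sample record\n";
    char back[64] = {0};
    int fd = open(src, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0 || write(fd, text, strlen(text)) < 0 || close(fd) < 0) return 0;
    if (copy_file_as_user(getuid(), getgid(), src, dst) != 0) return 0;
    fd = open(dst, O_RDONLY);
    if (fd < 0 || read(fd, back, sizeof back - 1) < 0 || close(fd) < 0) return 0;
    unlink(src); unlink(dst);
    if (strcmp(back, text) != 0) return 0;
    return copy_file_as_user(getuid(), getgid(), "/tmp/cd_ex_none", dst) == -1;
}
```

Run as root, the child's setuid/setgid switch is what prevents the daemon's privileges from overriding the user's file permissions; run unprivileged, the same code still works because switching to one's own uid/gid is always permitted.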

CVSS:
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84016 for the 
current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:S/C:C/I:C/A:C)

AFFECTED VERSIONS:
All versions.

REMEDIATION:
The recommended solution is to apply the fix for each version as soon as 
practical. See below for information on the available fixes.
 Version 4.1.0: apply the iFix for IC86449 or any iFix dated 24 January 2013 or
 later.
 Version 4.0.00: apply the iFix for IC86449 or any iFix dated 10 September 2012
 or later.
 Version 3.8.00: apply the iFix for IC86449 or any iFix dated 1 February 2013 
 or later.

WORKAROUND(S):
 None known.

MITIGATION(S):
 Until the fix is applied, for each user defined in the Connect:Direct User 
File, use Connect:Direct's User Authorities to restrict the access of the 
user to the appropriate part of the file system for that user.

REFERENCES:
 Complete CVSS Guide
 On-line Calculator V2
 X-Force Vulnerability Database
 CVE-2013-2989

RELATED INFORMATION:
 IBM Secure Engineering Web Portal
 IBM Product Security Incident Response Blog


*The CVSS Environment Score is customer environment specific and will 
ultimately impact the Overall CVSS Score. Customers can evaluate the impact 
of this vulnerability in their environments by accessing the links in the 
Reference section of this Flash.

Note: According to the Forum of Incident Response and Security Teams (FIRST), 
the Common Vulnerability Scoring System (CVSS) is an "industry open standard 
designed to convey vulnerability severity and help to determine urgency and 
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF
ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY 
ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Copyright and trademark information

IBM, the IBM logo and ibm.com are trademarks of International Business Machines 
Corp., registered in many jurisdictions worldwide. Other product and service 
names might be trademarks of IBM or other companies. A current list of IBM 
trademarks is available on the Web at "Copyright and trademark information" at 
www.ibm.com/legal/copytrade.shtml.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================