Security Bulletin: Weak file permissions vulnerability affects IBM Tivoli Monitoring for Tivoli Storage Manager (CVE-2015-4927)
Weak file permissions exist on several files after the installation of Tivoli Storage Manager Reporting and Monitoring in a Linux or AIX environment. This has the potential of privilege escalation by an attacker.
DESCRIPTION: The installation of Tivoli Storage Manager Reporting & Monitoring leaves world-writable files with root ownership on the system for Unix and Linux versions. There is the potential of privilege escalation by an attacker making use of these files.
CVSS Base Score: 7.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104087 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Affected Products and Versions
IBM Tivoli Monitoring for Tivoli Storage Manager (Reporting and Monitoring) 7.1, 6.3, 6.2, and 6.1 versions are affected by this vulnerability.
If the IBM Tivoli Monitoring for Tivoli Storage Manager product is already installed, please use the instructions provided in the Workarounds and Mitigations section.
Fix table (columns): Tivoli Storage Monitoring for Tivoli Storage Manager Version (Reporting and Monitoring) | First Fixing VRMF Level | Client | Link to Fix / Fix Availability Target
The Windows platform is not affected by this security issue.
Extended support customers using IBM Tivoli Monitoring versions 6.2 or 6.1 for Tivoli Storage Manager can use the instructions provided in the Workaround and Mitigations section.
Workarounds and Mitigations
After installation of the IBM Tivoli Monitoring for Tivoli Storage Manager Reporting and Monitoring feature, run the secureMain command to set the required security levels on the installed directories.
To update the permission levels on the installed directories, run the secureMain command with the following syntax:
<install_dir>/bin/secureMain [-h install_dir] [-g common_group] [-t type_code] lock
<install_dir>/bin/secureMain [-h install_dir] [-g common_group] unlock
install_dir - is the directory path for the IBM Tivoli Monitoring installation. If this parameter is not supplied, the script attempts to determine the location of the installation directory.
For example: /opt/tivoli/tsm/reporting/itm
common_group - is a group ID common to all of the user IDs that are used to run components in this installation. The user ID that is used to run the installation must also be a member of the group ID specified. The only exception is the root ID, which is not required to be a member of the group ID specified.
type_code - is a component code that belongs to an installed component. You can specify multiple -t options to create a list of component codes to be processed.
If the secureMain command is started with no parameters, the usage text is displayed.
The lock parameter is used to set more restrictive permissions in an IBM Tivoli Monitoring installation. It must be run after you install or configure components.
When the secureMain command is run with the lock parameter and no other parameters, most directories are set to execute permissions (755). However, a number of directories are still left with world write permissions (777). When certain components that are commonly run by using multiple user IDs are present in the installation, many more files have world write permissions set.
When the secureMain command is run with the lock and -g common_group parameters set, the permissions are set to execute permissions and the directories have their group owner changed to the common_group specified. No directories are left with world write permissions. Even when components that are commonly run by using multiple user IDs are present in the installation, no files are set to world write permissions. Additionally, the common_group value is written to a file and is used for all future invocations of secureMain command with the lock parameter in the same installation, unless the -g common_group parameter is specified and the common_group is different from the previous value.
When the secureMain command is run with the lock and -t type_code parameters set, sections of the installation might be skipped when you set permissions to execute permission. Common directories, like bin, config, registry, and logs are always processed. Only directories specific to the specified type_code components are processed. The other component directory trees are skipped.
You can run the secureMain command with the unlock parameter to set less strict permissions in an IBM Tivoli Monitoring installation.
Running the secureMain command with the unlock parameter is normally not necessary, but can be run if required. You must run the command before you install or configure components.
Running the secureMain command with the unlock parameter does not return the installation to the permission state that it was in before you ran the secureMain command with the lock parameter. It processes only the common directories, like bin, config, registry, and logs.
The following example locks the installation by using the common group itmgroup:
secureMain -g itmgroup lock
The following example locks the base and mq component directories by using the common group itmgroup:
secureMain -g itmgroup -t mq lock
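As an added example that is not part of the IBM bulletin, the following POSIX shell script verifies the condition the bulletin describes: it lists files and directories under an installation tree that are world-writable and owned by root, counts directories not group-owned by the common group, and returns a non-zero status when the tree is not clean. Run it before and after secureMain -g itmgroup lock to confirm that the lock removed all world-write bits. The install path (the bulletin's example is /opt/tivoli/tsm/reporting/itm) and the group name are assumed to be supplied by the caller; the function names are this example's own, and strip_world_write is a generic fallback, not part of the secureMain tooling.

```shell
#!/bin/sh
# Added example (not IBM's code): audit an installation tree for world-writable
# entries owned by root and verify the result of "secureMain -g <group> lock".
# Assumed: DIR and GROUP are passed by the caller; function names are ours.

# Count regular files and directories under DIR that are writable by "others"
# (o+w, i.e. -perm -002) and owned by OWNER (default root).
count_world_writable() {
    dir=$1
    owner=${2:-root}
    find "$dir" \( -type f -o -type d \) -perm -002 -user "$owner" 2>/dev/null |
        wc -l | tr -d ' '
}

# List every offending entry, then return 0 when the tree is clean and 1 when
# at least one world-writable entry owned by OWNER remains. Symlinks are not
# reported because the kernel ignores their own mode bits.
audit_world_writable() {
    dir=$1
    owner=${2:-root}
    find "$dir" \( -type f -o -type d \) -perm -002 -user "$owner" 2>/dev/null |
        while IFS= read -r path; do
            printf 'world-writable (owner %s): %s\n' "$owner" "$path"
        done
    n=$(count_world_writable "$dir" "$owner")
    if [ "$n" -eq 0 ]; then
        printf 'OK: no world-writable entries owned by %s under %s\n' "$owner" "$dir"
        return 0
    fi
    printf 'FAIL: %s world-writable entries owned by %s under %s\n' "$n" "$owner" "$dir"
    return 1
}

# Count directories under DIR whose group is not GROUP. After
# "secureMain -g common_group lock" the bulletin states that directories are
# group-owned by common_group, so a non-zero count points at directories the
# lock did not process (for example ones created afterwards).
count_not_in_group() {
    dir=$1
    group=$2
    find "$dir" -type d ! -group "$group" 2>/dev/null | wc -l | tr -d ' '
}

# Generic fallback: drop the o+w bit from every offending entry. secureMain is
# the supported way to set permissions; this only closes the world-write hole
# on a tree where the bulletin's mitigation has not been applied yet.
strip_world_write() {
    dir=$1
    owner=${2:-root}
    find "$dir" \( -type f -o -type d \) -perm -002 -user "$owner" \
        -exec chmod o-w {} + 2>/dev/null
}

# Usage as a script:  sh audit_itm.sh /opt/tivoli/tsm/reporting/itm itmgroup
if [ $# -ge 1 ]; then
    if [ $# -ge 2 ]; then
        printf 'directories not group-owned by %s: %s\n' "$2" \
            "$(count_not_in_group "$1" "$2")"
    fi
    audit_world_writable "$1" root
    exit $?
fi
```

The audit deliberately matches on ownership as well as mode: a world-writable file owned by root is the case the bulletin scores at CVSS 7.2, because any local user can change what a root-owned component later reads or executes. A zero count from audit_world_writable after the lock run, together with a zero count from count_not_in_group for the group passed to -g, is the state the bulletin describes as the outcome of secureMain -g common_group lock.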
References
Complete CVSS v2 Guide
On-line Calculator v2
Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Acknowledgement
Joe Hart working with NCC Group
Change History
27 October 2015 - Initially published
04 November 2015 - Updated Acknowledgement and target date for 6.3 fix.
25 July 2016 - Added fix for 6.3.6
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
More support for:
Tivoli Storage Manager
Software version: All Supported Versions
Operating system(s): AIX, Linux
Software edition: All Editions
Reference #: 1969340
Modified date: 23 August 2017