The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
                
            References
                    | Link | Resource | 
|---|---|
| http://secunia.com/advisories/60482 | Third Party Advisory | 
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095 | Broken Link | 
| http://www-01.ibm.com/support/docview.wss?uid=swg21680453 | Vendor Advisory | 
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89054 | VDB Entry Vendor Advisory | 
| http://secunia.com/advisories/60482 | Third Party Advisory | 
| http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095 | Broken Link | 
| http://www-01.ibm.com/support/docview.wss?uid=swg21680453 | Vendor Advisory | 
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89054 | VDB Entry Vendor Advisory | 
Configurations
                    Configuration 1 (hide)
| AND | 
 
 | 
Configuration 2 (hide)
| AND | 
 
 | 
History
                    21 Nov 2024, 01:59
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () http://secunia.com/advisories/60482 - Third Party Advisory | |
| References | () http://www-01.ibm.com/support/docview.wss?uid=swg1IC96095 - Broken Link | |
| References | () http://www-01.ibm.com/support/docview.wss?uid=swg21680453 - Vendor Advisory | |
| References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/89054 - VDB Entry, Vendor Advisory | 
Information
                Published : 2014-08-26 10:55
Updated : 2025-04-12 10:46
NVD link : CVE-2013-6335
Mitre link : CVE-2013-6335
CVE.ORG link : CVE-2013-6335
JSON object : View
Products Affected
                ibm
- aix
- tivoli_storage_manager
hp
- hp-ux
oracle
- solaris
linux
- linux_kernel
CWE
                
                    
                        
                        CWE-281
                        
            Improper Preservation of Permissions
