IBM Security Bulletin: User sessions running with root GID in IBM SPSS Modeler (CVE-2014-3038)
|
Información sobre el sistema
|
|
|
Software afectado |
IBM |
Descripción
|
IBM SPSS Modeler running on Unix platforms contains a vulnerability that could allow a local attacker to gain access to files that normally would only be available to privileged users. The server authenticates a user and spawns a new process that runs in the context of the authenticated user (setuid). But the process retains the root GID (0) and associated privileged groups so the user has access to certain system files that would normally be denied. CVE(s): CVE-2014-3038 Affected product(s)
More info:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_user_sessions_running_with_root_gid_in_ibm_spss_modeler_cve_2014_3038?lang=en_us |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2014-3038. |