ESB-2011.1281 - [Linux][HP-UX][Solaris][AIX] Tivoli Federated Identity Manager: Increased privileges - Existing account

Date: 23 December 2011

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2011.1281
                 DB2 Escalation of Privilege Vulnerability
                             23 December 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Tivoli Federated Identity Manager
Publisher:         IBM
Operating System:  Linux variants
                   AIX
                   HP-UX
                   Solaris
Impact/Access:     Increased Privileges -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2011-4061  

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=swg21576372&myns=swgimgmt&mynp=OCSSEPGG&mync=E

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: DB2 Escalation of Privilege Vulnerability (CVE-2011-4061)

Flash (Alert)

Abstract

The IBM Tivoli Monitoring Agent shipped with IBM DB2 V9.5 and V9.7 products
contains an escalation of privilege vulnerability.

Content

VULNERABILITY DETAILS

CVE ID: CVE-2011-4061

DESCRIPTION:

The IBM DB2 products listed below bundle IBM Tivoli Monitoring Agent (ITMA),
provided for users of the Optim Database Administrator product. ITMA is
intended to be used with DB2 only for supplying monitoring information to the
IBM Optim Database Administrator Health and Availability monitoring feature.
There is a vulnerability in ITMA that a local user can exploit to gain
escalated privileges. The vulnerability exists in ITMA for certain DB2
products/editions on specified UNIX and Linux operating platforms, but not on
DB2 for Windows.

CVSS:

CVSS Base Score: 6.9
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/68354 for the
  current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
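
For reference, the base score of 6.9 above follows from the CVSS v2 base
equations applied to the vector (AV:L/AC:M/Au:N/C:C/I:C/A:C). This derivation
is added here and is not part of the IBM bulletin; the metric weights are the
published CVSS v2 values: AV:L = 0.395, AC:M = 0.61, Au:N = 0.704, and
C:C = I:C = A:C = 0.660.

$$
\begin{aligned}
\text{Impact} &= 10.41 \times \bigl(1 - (1-C)(1-I)(1-A)\bigr)
  = 10.41 \times \bigl(1 - 0.34^3\bigr) \approx 10.0008 \\
\text{Exploitability} &= 20 \times AV \times AC \times Au
  = 20 \times 0.395 \times 0.61 \times 0.704 \approx 3.3926 \\
f(\text{Impact}) &= 1.176 \qquad (\text{Impact} \neq 0) \\
\text{BaseScore} &= \operatorname{round}_{0.1}\Bigl(\bigl(0.6 \times \text{Impact}
  + 0.4 \times \text{Exploitability} - 1.5\bigr) \times f(\text{Impact})\Bigr) \\
  &= \operatorname{round}_{0.1}\bigl((6.0005 + 1.3570 - 1.5) \times 1.176\bigr)
  \approx \operatorname{round}_{0.1}(6.888) = 6.9
\end{aligned}
$$

The Local access vector and Medium access complexity are what hold the
exploitability term down; the three Complete impact metrics are why the
score still lands in the high band despite requiring a local account.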

AFFECTED PLATFORMS:

The following IBM DB2 V9.5 and V9.7 editions running on AIX, Linux, HP-UX and
Solaris:

IBM DB2 9.7 Express Edition
IBM DB2 9.7 Workgroup Server Edition
IBM DB2 9.7 Enterprise Server Edition
IBM DB2 9.7 Advanced Enterprise Server Edition
IBM DB2 Connect 9.7 Application Server Edition
IBM DB2 Connect 9.7 Enterprise Edition
IBM DB2 Connect 9.7 Unlimited Edition for System i
IBM DB2 Connect 9.7 Unlimited Edition for System z


IBM DB2 9.5 Express Edition
IBM DB2 9.5 Workgroup Server Edition
IBM DB2 9.5 Enterprise Server Edition
IBM DB2 9.5 Advanced Enterprise Server Edition
IBM DB2 Connect 9.5 Application Server Edition
IBM DB2 Connect 9.5 Enterprise Edition
IBM DB2 Connect 9.5 Unlimited Edition for System i
IBM DB2 Connect 9.5 Unlimited Edition for System z


REMEDIATION:

The currently recommended interim solution is to follow the
workaround and/or the mitigation steps described below. When a fix becomes
available, apply the appropriate fix.

Fix:

Fixes for this vulnerability are planned to be made available in future fix
packs of DB2 releases V9.5 and V9.7.

Workaround:

The workaround is to remove the SUID bit from the executable kbbacf1. The
impact of the change is that logging into the service console will no longer be
possible, because authentication will fail unless ITMA is run as root.

First, verify whether the fix is necessary. As root, issue the following
command from DB2_DIR/itma:

find . -type f -perm +6000 -exec ls -l {} \;

If the output from the above find command is empty, no fix is necessary. If it
comes back with something similar to the following:

- -rwsr-xr-x 1 root root 8558 Nov 3 20:03 ./tmaitm6/lx8266/bin/kbbacf1

please refer to the following procedure:

1. Change to the directory given by the find command (e.g. tmaitm6/lx8266/bin)
2. Issue the following command as root to remove the SUID bit from kbbacf1:

chmod 0755 kbbacf1
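
The two-step procedure above (audit for set-id files, then strip the bit from
kbbacf1) as one self-contained POSIX shell script. This is an added example,
not code from the IBM or AusCERT bulletin. DB2_DIR is whatever your DB2
install directory is; the make_sandbox function builds a constructed
stand-in for DB2_DIR/itma whose kbbacf1 is a dummy script, not the real ITMA
binary. One caveat the script addresses: the bulletin's `-perm +6000` is a
GNU-only spelling that current GNU find rejects, so the script uses the
POSIX form `-perm -4000 -o -perm -2000`, which also works with the native
find on AIX, HP-UX and Solaris.

```shell
#!/bin/sh
# Added example, not part of the IBM or AusCERT bulletin: audit a directory
# tree for setuid/setgid files (the bulletin's check under DB2_DIR/itma) and
# strip the set-id bits from kbbacf1 (the bulletin's "chmod 0755 kbbacf1").
# Uses only POSIX sh plus find, chmod, ls, wc, tr and mktemp.
# DB2_DIR is your DB2 install directory; the sandbox built by make_sandbox
# is a constructed stand-in, and its kbbacf1 is a dummy script.

# list_setid_files DIR
#   Print an "ls -l" line for every regular file under DIR that has the
#   setuid or setgid bit set. "-perm -4000 -o -perm -2000" is the POSIX
#   equivalent of the bulletin's deprecated GNU-only "-perm +6000".
list_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \;
}

# count_setid_files DIR
#   Number of setuid/setgid files under DIR (0 means "no fix is necessary").
count_setid_files() {
    list_setid_files "$1" | wc -l | tr -d ' '
}

# is_setid FILE
#   Succeed if FILE carries either set-id bit.
is_setid() {
    [ -u "$1" ] || [ -g "$1" ]
}

# fix_kbbacf1 DIR
#   Apply the bulletin's workaround to every kbbacf1 found under DIR:
#   clear setuid and setgid but leave the rwx bits as they are
#   (for a 4755 file this yields 0755, the same result as the bulletin's chmod).
fix_kbbacf1() {
    find "$1" -type f -name kbbacf1 \( -perm -4000 -o -perm -2000 \) \
        -exec chmod u-s,g-s {} \;
}

# make_sandbox
#   Build a throwaway tree shaped like DB2_DIR/itma with one setuid
#   "kbbacf1" (a dummy script) and one ordinary file; print its path.
make_sandbox() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/tmaitm6/lx8266/bin"
    printf '#!/bin/sh\nexit 0\n' > "$d/tmaitm6/lx8266/bin/kbbacf1"
    chmod 4755 "$d/tmaitm6/lx8266/bin/kbbacf1"
    printf 'not set-id\n' > "$d/tmaitm6/lx8266/bin/other"
    chmod 0755 "$d/tmaitm6/lx8266/bin/other"
    printf '%s\n' "$d"
}

# demo
#   Walk through the bulletin's procedure on the constructed sandbox:
#   audit, apply the workaround, audit again, then clean up.
demo() {
    sb=$(make_sandbox) || return 1
    echo "== before: $(count_setid_files "$sb") set-id file(s) =="
    list_setid_files "$sb"
    fix_kbbacf1 "$sb"
    echo "== after: $(count_setid_files "$sb") set-id file(s) =="
    list_setid_files "$sb"
    rm -rf "$sb"
}

demo
```

On a real host, run `list_setid_files "$DB2_DIR/itma"` as root in place of the
sandbox; an empty listing matches the bulletin's "no fix is necessary" case,
and `fix_kbbacf1 "$DB2_DIR/itma"` applies the chmod only to files actually
named kbbacf1 that still carry a set-id bit, so re-running it is harmless.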


Mitigation:

DB2 installs ITMA by default. However, ITMA is not required unless you are
using Optim Database Administrator to monitor DB2. If you are not using ITMA
for this purpose, you can uninstall it to mitigate the vulnerability. Refer to
the following links for the uninstall information:

V9.7:
http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/index.jsp?topic=/com.ibm.db2.luw.qb.server.doc/doc/t0054822.html

V9.5:
http://publib.boulder.ibm.com/infocenter/db2luw/v9r5/index.jsp?topic=/com.ibm.db2.luw.qb.server.doc/doc/t0054822.html


REFERENCES:

Complete CVSS Guide
  http://www.first.org/cvss/cvss-guide.html
On-line Calculator V2
  http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2
X-Force Vulnerability Database - IBM DB2 DT_RPATH code execution
  http://xforce.iss.net/xforce/xfdb/68354
CVE-2011-4061
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4061

*The CVSS Environment Score is customer environment specific and will ultimately
impact the Overall CVSS Score. Customers can evaluate the impact of this
vulnerability in their environments by accessing the links in the Reference
section of this Flash.


Note: According to the Forum of Incident Response and Security Teams (FIRST),
the Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF
ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS

Note: IBM's statements regarding its plans, directions, and intent are subject
to change or withdrawal without notice at IBM's sole discretion. Information
regarding potential future products is intended to outline our general product
direction and it should not be relied on in making a purchasing decision. The
information mentioned regarding potential future products is not a commitment,
promise, or legal obligation to deliver any material, code or functionality.
Information about potential future products may not be incorporated into any
contract. The development, release, and timing of any future features or
functionality described for our products remains at our sole discretion.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBTvPMbe4yVqjM2NGpAQJcrA/+PF5VIVlUbd4fxQvQblhgt9JZj7Vn6yB1
0D0gjKYa6fvX9CbUy/RgbRmNpwO0/eUm3T6ibJkya4hGRF1YIuqAklNoVYkxbVds
5Afw6I5LPfzV/3Y9ddqGB3dtV2axIvKez1EdRLC1+JJgaXaeO9y2AWm/H43DzMLY
MiwOwXZaC+1pjBF72je8D5BJ7uZ3daLWkzo2LkicEfXg8yiP0DH4xMRzIPb0vyOr
skxYqS1lsjrk7OoMGHTI1Fpiv553CFPQQPO9rc4d5DuunmIS4zHJ2Oej9SDgvX7a
JneQs4u1ipQ1SKwFE/KV0oq7pG37l6eF/LAJ/9zxMsDW4K/CbVcOfpLeVcYBx4ng
OVcMf6SkuXCaolBliuQtH8YBAEYEh1KMSk16YGYnv0/zMvq5dMn6ILddMWaXOtjO
YRLidoIqVwhB8zQNpGGYZA4KXEyHrU4red8Ztyclmehe4jTg2cAbVMoZ4DN/u4qO
0jiA1LLJNTYuJCBykc1z5yD9Wf5lJXxWkbmBHu82J3jNXZNXdXepdC26eIm627Dr
v58eYBp+nUXFv+kV+0yqpJsWGlWJS1HZaPcbkpKU0R0ImAfdVOkBDXxefnsm6dVr
BhEFtiwl3au8/pvb7n6RKqeej+/8FyDrSLoR5yExI/EBleob+Yg9GE2/dCOHpZPC
JLOsyr1+L70=
=ghvQ
-----END PGP SIGNATURE-----