Monday, March 12, 2018

IBM Security Bulletin: SetGID and SetUID programs in IBM Workload Scheduler can be exploited to obtain privilege escalation (CVE-2018-1386)

SetGID and SetUID programs in IBM Workload Scheduler can be exploited to obtain root privileges

CVE(s): CVE-2018-1386

Affected product(s) and affected version(s):

IBM Workload Scheduler Distributed 8.6.0 FP04 and earlier
IBM Workload Scheduler Distributed 9.1.0 FP02 and earlier
IBM Workload Scheduler Distributed 9.2.0 FP02 and earlier
IBM Workload Scheduler Distributed 9.3.0 FP03 and earlier
IBM Workload Scheduler Distributed 9.4.0 FP02 and earlier

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22012171
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138208

The post IBM Security Bulletin: SetGID and SetUID programs in IBM Workload Scheduler can be exploited to obtain privilege escalation (CVE-2018-1386) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2FuIhyd
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)