SymmetricalDataSecurity: IBM Security Bulletin: IBM Sterling Connect:Direct for UNIX default file create permissions could expose sensitive information to a local user (CVE-2016-0380).

Friday, August 5, 2016

IBM Security Bulletin: IBM Sterling Connect:Direct for UNIX default file create permissions could expose sensitive information to a local user (CVE-2016-0380).

When receiving a new data file, IBM Sterling Connect:Direct for UNIX uses create mode 664 by default. These permission settings may not be appropriate in some scenarios.

CVE(s): CVE-2016-0380

Affected product(s) and affected version(s):

IBM Sterling Connect:Direct for Unix 4.2.0
IBM Sterling Connect:Direct for Unix 4.1.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2aAa9jz
X-Force Database: http://ift.tt/2az7EKX

from IBM Product Security Incident Response Team http://ift.tt/2aAahj8

SymmetricalDataSecurity

Friday, August 5, 2016

IBM Security Bulletin: IBM Sterling Connect:Direct for UNIX default file create permissions could expose sensitive information to a local user (CVE-2016-0380).

No comments:

Post a Comment

Blog Archive

Search This Blog

Total Pageviews