Privilege Escalation in IBM Systems Director by Local Users
CVE-2010-4274

Currently unrated

Key Information:

Vendor: IBM
Status: Director Agent
Vendor: CVE Published:; 17 November 2010

Summary

A vulnerability exists in the Common agent of IBM Systems Director 6.2.0 where the reset_diragent_keys function is improperly configured with 754 permissions. This misconfiguration allows local users to leverage their group membership to gain elevated privileges on the affected system, potentially compromising its integrity and security.

References

http://secunia.com/advisories/42239

third-party-advisoryx_refsource_SECUNIA

http://www-01.ibm.com/support/docview.wss?uid=isg1IC71821

vendor-advisoryx_refsource_AIXAPAR

http://www.vupen.com/english/advisories/2010/2978

vdb-entryx_refsource_VUPEN

Timeline

Vulnerability published
Nov 17, 2010
Vulnerability Reserved
Nov 16, 2010