PT-2016-3307 · IBM+1 · Packaging Utility+2
Published: 2016-01-02
Updated: 2018-12-11
CVE-2015-7442
CVSS v2.0: 6.2 (Medium)
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
IBM Installation Manager versions prior to 1.7.4.4
IBM Installation Manager versions 1.8.x prior to 1.8.4
Packaging Utility versions prior to 1.7.4.4
Packaging Utility versions 1.8.x prior to 1.8.4
Description
The issue is related to errors in privilege management. It may allow an attacker to gain unauthorized access to confidential data, cause a denial of service, or impact data integrity. The problem can be exploited by a local user via a Trojan horse program located in /tmp with a name based on a predicted PID value.
Recommendations
For IBM Installation Manager versions prior to 1.7.4.4, update to version 1.7.4.4 or later.
For IBM Installation Manager versions 1.8.x prior to 1.8.4, update to version 1.8.4 or later.
For Packaging Utility versions prior to 1.7.4.4, update to version 1.7.4.4 or later.
For Packaging Utility versions 1.8.x prior to 1.8.4, update to version 1.8.4 or later.
As a temporary workaround, consider restricting access to the /tmp directory to minimize the risk of exploitation.
Affected Products
Alt Linux
IBM Installation Manager
Packaging Utility