CVE-2017-1301

Name of the Vulnerable Software and Affected Versions IBM Spectrum Protect versions 7.1 through 8.1

Description The issue allows a local attacker to launch a symlink attack. This is possible because the IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this by creating a symbolic link from a temporary file to various system files, potentially allowing the attacker to overwrite arbitrary files on the system with elevated privileges.

Recommendations For IBM Spectrum Protect versions 7.1 through 8.1, consider restricting access to temporary files created by the Backup-archive Client to minimize the risk of exploitation. As a temporary workaround, ensure that the system's file permissions are set to prevent unauthorized access to sensitive files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.