IBM Tivoli NetView for z/OS Local Privilege Escalation Vulnerability
Release date:
Updated on:
Affected Systems:
IBM Tivoli NetView for z/OS 6.x
IBM Tivoli NetView for z/OS 5.x
IBM Tivoli NetView for z/OS 1.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57036
CVE (CAN) ID: CVE-2012-5951
IBM Tivoli NetView is network management software that discovers TCP/IP networks, displays network topologies, related information, management events and SNMP traps, monitors network operating conditions, and collects performance data.
IBM Tivoli NetView for z/OS 1.4, 5.1-5.4 and 6.1 contain a security vulnerability. A local user can elevate privileges on NetView for z/OS and then execute any program with the elevated permission.
<* Source: vendor
Link: http://www.securelist.com/en/advisories/51680
http://www-01.ibm.com/support/docview.wss?uid=swg21621163
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
To address this issue, IBM has released a Security Bulletin (swg21621163) and corresponding patches:
swg21621163: Security Bulletin: IBM Tivoli NetView for z/OS - Gain Permissions Vulnerability (CVE-2012-5951)
Link: http://www-01.ibm.com/support/docview.wss?uid=swg21621163