• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

IBM Tivoli Continuous Data Protection for Files Insecure Default Permissions Vulnerability

IBM Tivoli Continuous Data Protection for Files is prone to an insecure-permissions vulnerability that affects the application's 'Global Download' directory.

Successfully exploiting this issue allows attackers to distribute and execute arbitrary executables to client computers managed by the vulnerable software. This may facilitate the complete compromise of all client computers.

IBM Tivoli Continuous Data Protection for Files 3.1 is vulnerable; other versions may also be affected.