Title: Local privilege escalation in agent plugin 'mk_tsm'
Class: security
Compatible: incomp
Component: checks
Date: 1702411459
Edition: cre
Level: 1
Version: 2.2.0p18
By crafting a malicious command that then shows up in the output of
<code>ps</code>, users of monitored hosts could gain root privileges.
This was achieved by exploiting the insufficient quoting when using ksh's
<code>eval</code> to create the required environment.
This issue was found during internal review.
<h3>Affected Versions</h3>
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL) and older
<h3>Mitigations</h3>
If updating is not possible, disable the Tivoli Storage Manager plugin.
<h3>Vulnerability Management</h3>
We have rated the issue with a CVSS score of 8.8 (High) with the following CVSS vector:
<code>CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H</code>
We have assigned <code>CVE-2023-6735</code>.
<h3>Changes</h3>
With this change we no longer use <code>eval</code> and fix the quoting.
This prevents variable exports from being misinterpreted as commands to execute.
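An added example of the eval-free approach the change describes (not the mk_tsm plugin's own code): NAME=value assignments found in a constructed <code>ps</code> command line are validated and exported without <code>eval</code>, so shell syntax in a process's arguments stays data. The DSM_* variable names, the sample line and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the mk_tsm plugin's own code: import NAME=value
# assignments found in a ps command line without eval, so that anything
# in the process's arguments is handled as data, never as shell code.

# Constructed sample ps line (not real plugin output). The DSM_* names and
# the $(hostname) fragment are assumptions chosen to show that shell
# syntax in an argument stays literal when no eval is involved.
SAMPLE_PS_LINE='/opt/tivoli/tsm/client/ba/bin/dsmc sched DSM_CONFIG=/opt/tivoli/dsm.opt DSM_LOG=/tmp/$(hostname).log'

# Return 0 if $1 is NAME=value with a portable variable name, else 1.
is_assignment() {
    case "$1" in
        *=*) ;;
        *) return 1 ;;
    esac
    _name=${1%%=*}
    case "$_name" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# Export every valid assignment token found in the given command line.
# Tokens are split on whitespace only; pathname expansion is disabled
# during the split so a token such as '*' is not turned into file names.
import_env_from_ps() {
    _noglob=0
    case $- in *f*) _noglob=1 ;; esac
    set -f
    for _tok in $1; do
        if is_assignment "$_tok"; then
            # export receives one argument: the value is stored verbatim,
            # metacharacters included, and nothing is executed.
            export "$_tok"
        fi
    done
    [ "$_noglob" -eq 1 ] || set +f
}

import_env_from_ps "$SAMPLE_PS_LINE"
```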