IBM InfoSphere Streams 4.0.1.1 Remote Code Execution Vulnerability
20 Jul. 2016
Summary
IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 do not properly implement the runAsUser feature, which allows local users to obtain root group privileges via unspecified vectors.
Vulnerable Systems:
* IBM InfoSphere Streams 4.0.1.1
* IBM Streams 4.1.1.0
In certain supported configurations of IBM InfoSphere Streams, setting the instance runAsUser property can result in operator code using the group id of the root user instead of the group id of the runAsUser for checking permissions.
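
The condition described above, a process that runs under the runAsUser account but still carries the root group id, can be audited from /proc/<pid>/status. The following is an added example, not IBM's code and not part of the original advisory; it assumes a Linux host, and the sample status text, uid 1001 and function names are constructed for illustration.

```python
import os

# Constructed /proc/<pid>/status excerpts (not captured from a real system).
# SAMPLE_BAD: uid 1001 process that kept root's group id, as described above.
SAMPLE_BAD = "Name:\toperator\nUid:\t1001\t1001\t1001\t1001\nGid:\t0\t0\t0\t0\nGroups:\t0 1001\n"
# SAMPLE_OK: the same process carrying the group ids of the runAsUser account.
SAMPLE_OK = "Name:\toperator\nUid:\t1001\t1001\t1001\t1001\nGid:\t1001\t1001\t1001\t1001\nGroups:\t1001\n"

GID_KINDS = ("real", "effective", "saved", "filesystem")

def parse_ids(status_text):
    """Return (uids, gids, groups) as integer lists from status text."""
    fields = {}
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key in ("Uid", "Gid", "Groups"):
            fields[key] = [int(v) for v in value.split()]
    return fields.get("Uid", []), fields.get("Gid", []), fields.get("Groups", [])

def root_group_findings(status_text):
    """List every way a non-root process still holds group id 0."""
    uids, gids, groups = parse_ids(status_text)
    if len(uids) < 2 or uids[1] == 0:
        return []  # unparsable, or effective uid is root (out of scope here)
    findings = [f"{kind} gid is 0" for kind, gid in zip(GID_KINDS, gids) if gid == 0]
    if 0 in groups:
        findings.append("supplementary groups include 0")
    return findings

def scan_proc(run_as_uid, proc_root="/proc"):
    """Check live processes whose effective uid is run_as_uid; {pid: findings}."""
    results = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "status")) as fh:
                text = fh.read()
        except OSError:
            continue  # process exited or is not readable by this user
        uids, _, _ = parse_ids(text)
        if len(uids) > 1 and uids[1] == run_as_uid:
            found = root_group_findings(text)
            if found:
                results[int(entry)] = found
    return results
```

Call scan_proc() with the numeric uid of the runAsUser account; an empty result means no process owned by that user holds group id 0.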