IBM Support

IT16911: LOCAL VULNERABILITIES AFFECT STERLING CONNECT:DIRECT FOR WINDOWS(CVE-2016-5991,CVE-2016-5992)

Direct links to fixes

4.6.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006-if008
4.7.0.4-SterlingConnectDirectforMicrosoftWindows-x86-fp0004-if007
4.7.0.4-SterlingConnectDirectforMicrosoftWindows-x86-fp0004-if016
4.7.0.4-SterlingConnectDirectforMicrosoftWindows-x86-fp0004
4.6.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006-if009
4.6.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006-if013
4.6.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006-if015
4.7.0.5-SterlingConnectDirectforMicrosoftWindows-x86-fp0005
4.6.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006-if018
4.7.0.4-SterlingConnectDirectforMicrosoftWindows-x86-fp0004-if023
4.7.0.5-SterlingConnectDirectforMicrosoftWindows-x86-fp0005-if006
4.7.0.5-SterlingConnectDirectforMicrosoftWindows-x86-fp0005-if013
4.7.0.5-SterlingConnectDirectforMicrosoftWindows-x86-fp0005-if016
4.7.0.5-SterlingConnectDirectforMicrosoftWindows-x86-fp0005-if025
4.7.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006
4.7.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006-if005
4.7.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006-if006
4.7.0.6-SterlingConnectDirectforMicrosoftWindows-x86-fp0006-if012
4.7.0.7-SterlingConnectDirectforMicrosoftWindows-x86-fp0007
4.7.0.7-SterlingConnectDirectforMicrosoftWindows-x86-fp0007-if001
4.7.0.7-SterlingConnectDirectforMicrosoftWindows-x86-fp0007-if009
4.7.0.7-SterlingConnectDirectforMicrosoftWindows-x86-fp0007-if016
4.7.0.7-SterlingConnectDirectforMicrosoftWindows-x86-fp0007-if018
4.7.0.7-SterlingConnectDirectforMicrosoftWindows-x86-fp0007-if021
4.7.0.7-SterlingConnectDirectforMicrosoftWindows-x86-fp0007-if023

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • IBM Sterling Connect:Direct for Microsoft Windows contains
    vulnerabilities that could allow a local user to increase their
    privileges or cause a denial of service when special conditions
    exist. IBM Sterling Connect:Direct for Microsoft Windows has
    addressed the applicable vulnerabilites.
    

Local fix

  • STRRTC - 494777
    VF / VF
    Circumvention: None
    

Problem summary

  • Users Affected:
    Sterling Connect:Direct for Windows 4.5.00
    Sterling Connect:Direct for Windows 4.5.01
    Sterling Connect:Direct for Windows 4.6.0
    Sterling Connect:Direct for Windows 4.7.0
    
    Problem Description:
    IBM Sterling Connect:Direct for Microsoft Windows contains
    vulnerabilities that could allow a local user to increase their
    privileges or cause a denial of service when special conditions
    exist.
    
    Platforms Affected:
    Windows
    

Problem conclusion

  • Resolution Summary:
    Addressed the applicable CVEs.
    
    Delivered In:
    Sterling Connect:Direct for Windows 4.6.0.6_iFix008
    Sterling Connect:Direct for Windows 4.7.0.4
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT16911

  • Reported component name

    STR CD FOR WIND

  • Reported component ID

    5725C9908

  • Reported release

    470

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-09-05

  • Closed date

    2016-09-15

  • Last modified date

    2016-09-15

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    STR CD FOR WIND

  • Fixed component ID

    5725C9908

Applicable component levels

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSRRVY","label":"Sterling Connect:Direct for Microsoft Windows"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.7","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]

Document Information

Modified date:
28 August 2023