Reference Name: IBM Platform LSF 10.1 Contains an Unspecified Vulnerability That Can Enable User-Privilege Escalation (See CVE-2017-1205. See also IBM Security Bulletin: Privilege Escalation / User Impersonation affects IBM Platform LSF and IBM Spectrum LSF.)
Severity: High
Status: Fix Available
History
05-31-2017 – Assessment completed
Impact
Customer deployments of IBM Platform LSF for SAS® are vulnerable to CVE-2017-1205.
Description
Platform LSF uses an external authentication framework to secure user credentials for the data stream between LSF clients and servers. By default, LSF provides an eauth executable file that uses a static authorization key to encrypt the data. As part of the installation process, changing the default key is important in order to prevent unauthorized access. However, many sites do not change this default key and, therefore, are vulnerable to CVE-2017-1205.
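One way to check a host for the condition described above, as an added example that is not part of the original advisory or of IBM's or SAS's tooling: a shell function that reports whether an lsf.sudoers file defines a site-specific eauth key and keeps it inaccessible to group and other. It assumes the key is configured through the LSF_EAUTH_KEY parameter in lsf.sudoers (neither name appears in this advisory); the function name and status words are hypothetical.

```shell
#!/bin/sh
# Added example: audit an lsf.sudoers file for a site-specific eauth key.
# Assumption: the key is set as LSF_EAUTH_KEY=<value> at the start of a line,
# and commented-out or empty assignments mean the default key is in use.

# Prints one status word and returns 0 only for "ok":
#   missing-file  file does not exist or cannot be read
#   default-key   no non-empty LSF_EAUTH_KEY assignment was found
#   exposed-key   a key is set, but group or other can access the file
#   ok            a key is set and only the owner can access the file
audit_eauth_key() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo missing-file
        return 2
    fi
    # Collect assigned values, dropping quotes and whitespace, so that
    # LSF_EAUTH_KEY= and LSF_EAUTH_KEY="" both count as "not set".
    key=$(sed -n 's/^LSF_EAUTH_KEY=//p' "$conf" | tr -d "\"'" | tr -d '[:space:]')
    if [ -z "$key" ]; then
        echo default-key
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    go_bits=$(ls -ld "$conf" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo exposed-key
        return 1
    fi
    echo ok
}

# Run as: sh audit_eauth.sh /etc/lsf.sudoers   (the path is site-specific)
if [ "$#" -gt 0 ]; then
    audit_eauth_key "$1"
fi
```

A result of ok only shows that a key is defined and protected on that host; it does not indicate whether the patch named under Solution has been applied.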
Solution
Customers should download and apply the patch that is available in SAS Note 60498, "Platform Suite for SAS® contains a security vulnerability."