Samba vulnerabilities affect the IBM Spectrum Scale SMB protocol access method and could allow:
– a remote authenticated attacker to gain elevated privileges on the system, caused by forwarding a Ticket Granting Ticket (TGT) to other services when using Kerberos authentication. An attacker could exploit this vulnerability to impersonate the authenticated user and gain elevated privileges on the system (CVE-2016-2125)
– a remote authenticated attacker to gain elevated privileges on the system, caused by a failure to handle the PAC checksum. By using a specially crafted Kerberos ticket, an authenticated attacker could exploit this vulnerability to gain privileges or cause the winbindd process to crash (CVE-2016-2126)
CVE(s): CVE-2016-2126, CVE-2016-2125
Affected product(s) and affected version(s):
IBM Spectrum Scale V4.2.0.0 through V4.2.2.1
IBM Spectrum Scale V4.1.1.0 through V4.1.1.11
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2jmxYRS
X-Force Database: http://ift.tt/2k8JxsZ
X-Force Database: http://ift.tt/2jmyxeh
from IBM Product Security Incident Response Team http://ift.tt/2k8N2jd