A security vulnerability has been identified in all levels of IBM Spectrum Scale and IBM GPFS that could allow a local attacker to inject commands into setuid file parameters and execute commands as root.
CVE(s): CVE-2016-0392
Affected product(s) and affected version(s):
IBM Spectrum Scale V4.2.0.0 through V4.2.0.2
IBM Spectrum Scale V4.1.1.0 through V4.1.1.6
IBM GPFS V4.1.0.0 through V4.1.0.8
IBM GPFS V3.5.0.0 through V3.5.0.30
All older IBM GPFS versions no longer in service
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/1Za4mBF
X-Force Database: http://ift.tt/29tldws
from IBM Product Security Incident Response Team http://ift.tt/2974Yaa