Security vulnerabilities have been identified in all levels of IBM Spectrum Scale and IBM GPFS that could allow:
– a local attacker to execute commands as root by setting environment variables processed by setuid programs (CVE-2016-2985)
– a local attacker to execute commands as root by supplying command line parameters to setuid programs (CVE-2016-2984)
CVE(s): CVE-2016-2985, CVE-2016-2984
Affected product(s) and affected version(s):
IBM Spectrum Scale V4.2.0.0 through V4.2.0.3
IBM Spectrum Scale V4.1.1.0 through V4.1.1.7
IBM GPFS V4.1.0.0 through V4.1.0.8
IBM GPFS V3.5.0.0 through V3.5.0.31
All older IBM GPFS versions no longer in service
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2aLCbbo
X-Force Database: http://ift.tt/2arxFw4
X-Force Database: http://ift.tt/2aDMcrO
from IBM Product Security Incident Response Team http://ift.tt/2arxpNP