Tuesday, December 27, 2016

IBM Security Bulletin: Vulnerabilities in Busybox affect IBM SmartCloud Entry (CVE-2014-4607 CVE-2014-9645)

IBM SmartCloud Entry is vulnerable to Busybox vulnerabilities. Attackers could exploit these vulnerabilities to execute arbitrary code on the system or cause a denial of service or load arbitrary modules by using a specially-crafted basename.

CVE(s): CVE-2014-4607, CVE-2014-9645

Affected product(s) and affected version(s):

IBM SmartCloud Entry 2.2.0 through 2.2.0.4 Appliance fix pack 7
IBM SmartCloud Entry 2.3.0 through 2.3.0.4 Appliance fix pack 7
IBM SmartCloud Entry 2.4.0 through 2.4.0.4 Appliance fix pack 7
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 22
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 22

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2i3oGIs
X-Force Database: http://ift.tt/2fmXz9G
X-Force Database: http://ift.tt/2ggg1jv



from IBM Product Security Incident Response Team http://ift.tt/2iAouxG

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.