Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM01119A1AF8CC68B4E104688C6B4AB93FA341C9D3B5A1495CA5EB7E4B521D6107
HistoryFeb 05, 2019 - 9:20 a.m.

Security Bulletin: IBM Spectrum Scale for IBM Elastic Storage Server is affected by the use of Local Read Only Cache (LROC) which may result in directory corruption and undetected data corruption in regular files.

2019-02-0509:20:01
www.ibm.com
14

0.001 Low

EPSS

Percentile

20.0%

JSON

Summary

The Elastic Storage Server is affected by a vulnerability in IBM Spectrum Scale where after cached data is moved from memory to the LROC device, any changes to that data should trigger invalidation of the data stored in LROC. Due to a problem with invalidation logic, it is possible for the invalidation of this LROC data to be skipped. This could lead to stale or incorrect data being recalled from LROC, with potential for the corruption of files and directories

Vulnerability Details

CVEID: CVE-2018-1993 DESCRIPTION: IBM Spectrum Scale (GPFS) where the use of Local Read Only Cache (LROC) is enabled may caused read operation on a file to return data from a different file.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/154440&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

The Elastic Storage Server 5.3 thru 5.3.1.1
The Elastic Storage Server 5.0.0 thru 5.2.4
The Elastic Storage Server 4.5.0 thru 4.6.0
The Elastic Storage Server 4.0.0 thru 4.0.6

Remediation/Fixes

For IBM Elastic Storage Server V5.0.0. thru 5.3.1.1, apply V5.3.2.0 available from FixCentral at:

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=5.3.0&platform=All&function=all

For IBM Elastic Storage Server V5.0.0. thru 5.2.4.0, apply V5.2.5 available from FixCentral at:

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Elastic+Storage+Server+(ESS)&release=5.2.0&platform=All&function=all

If you are unable to upgrade to ESS 5.3.2.0 or 5.2.5, please contact IBM Service to obtain an efix:

- For IBM Elastic Storage Server 5.3-5.3.1.1, reference APAR IJ10565
- For IBM Elastic Storage Server 5.0 - 5.2.4.0, reference APAR IJ10573
- For IBM Elastic Storage Server 4.0.0 - 4.6.0, reference APAR IJ11409

To contact IBM Service, see <http://www.ibm.com/planetwide/&gt;

Workarounds and Mitigations

Work-around : Although IBM recommends that you install a level of IBM Elastic Storage Server code with a fix, you can avoid this vulnerability by not enabling Local Read Only (LROC) feature in IBM Spectrum Scale.

CPENameOperatorVersion
ibm elastic storage servereqany

Related

cve 1
cvelist 1
nvd 1
ibm 1
prion 1
cve
cve
CVE-2018-1993
2019-01-08 16:29:00
cvelist
cvelist
CVE-2018-1993
2019-01-03 00:00:00
nvd
nvd
CVE-2018-1993
2019-01-08 16:29:00
ibm
ibm
Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where the use of Local Read Only Cache (LROC) may result in directory corruption and undetected data corruption in regular files.
2019-01-03 16:35:01
prion
prion
Default configuration
2019-01-08 16:29:00

0.001 Low

EPSS

Percentile

20.0%

JSON
Related for 01119A1AF8CC68B4E104688C6B4AB93FA341C9D3B5A1495CA5EB7E4B521D6107
cve1cvelist1nvd1ibm1prion1