There is a vulnerability in IBM Spectrum Scale packaged with IBM Spectrum Scale RAID for the Elastic Storage Server and the GPFS Storage Server.
CVEID: CVE-2016-0392
DESCRIPTION: IBM General Parallel File System could allow a local attacker to inject commands into setuid file parameters and execute commands as root.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112611 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
The Elastic Storage Server versions 4.0, 3.5, 3.0 and 2.5
The GPFS Storage Server versions 2.0
For the Elastic Storage Server 4.0.0 thru 4.0.2, upgrade to 4.0.3, or later, available at
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale+RAID&release=4.2.0&platform=All&function=all
For the Elastic Storage Server 3.5.0 thru 3.5.4, upgrade to 3.5.5 available at
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale+RAID&release=4.1.1&platform=All&function=all
For the Elastic Storage Server 3.0.0 thru 3.0.5, upgrade to 3.5.5 available at
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale+RAID&release=4.1.1&platform=All&function=all
For the Elastic Storage Server 2.5.0 thru 2.5.5 and the GPFS Storage Server 2.0.0 thru 2.0.7, contact IBM Service referencing APAR IV84206. See <http://www.ibm.com/planetwide/>
In all cases, see the release note for details on installation.
None
CPE

Name | Operator | Version |
---|---|---|
ibm spectrum scale raid | eq | 4.1 |