Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM240AC91BB96BC86917D22E049261493087941E7C50AF9347091F45E9AC142F44
HistoryJun 15, 2018 - 7:05 a.m.

Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2015-7403)

2018-06-1507:05:34
www.ibm.com
11

EPSS

0.001

Percentile

33.4%

JSON

Summary

A security vulnerability has been identified in the current levels of IBM Spectrum Scale V4.1.1, IBM GPFS V4.1 and V3.5 that could allow a local attacker to cause the node they are on to crash.

IBM PureApplication System provides a GPFS pattern and addressed the applicable CVE.

Vulnerability Details

CVEID: CVE-2015-7403 DESCRIPTION: IBM General Parallel File System is vulnerable to a denial of service, caused by a user pointer dereference. A local attacker could exploit this vulnerability to cause the GPFS they are on to crash.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107108 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

· IBM PureApplication System V2.0 (GPFS Pattern type 1.2.0.0, 1.2.0.1, and 1.2.0.2) using IBM GPFS V3.5.0.19
· IBM PureApplication System V2.1.0.1 (GPFS Pattern type 1.2.1.0) using IBM GPFS V4.1.0.5
· IBM PureApplication System V2.1.0.2 (GPFS Pattern type 1.2.2.0) using IBM GPFS V4.1.0.7
· IBM PureApplication System V2.1.1.0 (GPFS Pattern type 1.2.3.0) using IBM GPFS V4.1.0.7
· IBM PureApplication System V2.1.2.0 (GPFS Pattern type 1.2.4.0) using IBM GPFS V4.1.1.2
· IBM PureApplication System V2.2.0 (GPFS Pattern type 1.2.5.0) using IBM GPFS V4.1.1.3

Remediation/Fixes

GPFS server or client instances deployed with the affected GPFS Pattern versions are vulnerable. To determine whether deployed GPFS server or client instances are affected by these GPFS security vulnerabilities, run the Get Cluster Status operation ( for a GPFS server instance ) or the GPFS Client Status operation ( for a GPFS client instance ) to verify the version reported for the GPFS nodes.

The solution is to apply one of the following interim fixes:

GPFS 3.5.0.29
http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.0.0.1&platform=All&function=fixId&fixids=update-gpfs-3.5.0.29&includeRequisites=1&includeSupersedes=0

GPFS 4.1.1.5
http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.1.1.0&platform=Linux&function=fixId&fixids=update-gpfs-4.1.1.5&includeRequisites=0&includeSupersedes=0&downloadMethod=http

Workarounds and Mitigations

None

Related

cvelist 1
ibm 3
nvd 1
prion 1
cve 1
cvelist
cvelist
CVE-2015-7403
2016-01-02 21:00:00
ibm
ibm
Security Bulletin: IBM Spectrum Scale V4.1.1, IBM GPFS V4.1, and IBM V3.5 for AIX are affected by a security vulnerability (CVE-2015-7403)
2021-06-25 16:46:35
Security Bulletin: IBM Spectrum Scale V4.1.1, IBM GPFS V4.1, and IBM V3.5 for AIX are affected by a security vulnerability (CVE-2015-7403)
2018-08-01 21:26:41
Security Bulletin: Vulnerabilities in GPFS affect IBM® DB2® LUW on AIX and Linux (CVE-2015-4974, CVE-2015-4981 & CVE-2015-7403)
2018-06-16 13:37:25
nvd
nvd
CVE-2015-7403
2016-01-02 21:59:04
prion
prion
Null pointer dereference
2016-01-02 21:59:00
cve
cve
CVE-2015-7403
2016-01-02 21:59:04

EPSS

0.001

Percentile

33.4%

JSON
Related for 240AC91BB96BC86917D22E049261493087941E7C50AF9347091F45E9AC142F44
cvelist1ibm3nvd1prion1cve1