7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
PowerKVM is affected by multiple flac vulnerabilities.
CVEID: CVE-2014-8962**
DESCRIPTION:** The libFLAC library, which is used to process FLAC (Free Lossless Audio Codec) files is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by stream_decoder.c. By persuading a victim to open a specially-crafted .flac file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/98938 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2014-9028**
DESCRIPTION:** The libFLAC library, which is used to process FLAC (Free Lossless Audio Codec) files is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by stream_decoder.c. By persuading a victim to open a specially-crafted .flac file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/98939 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Effective CVSS Score: 6.80
PowerKVM 2.1
Fix is made available via Fix Central (https://ibm.biz/BdEnT8) in 2.1.1 SP2 (build 51) and all later builds and fix packs. For systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions. Customers can also update from 2.1.1 (GA and later levels) by using “yum update”.
none