8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
Multiple vulnerabilities have been identified in sudo and glibc. Sudo and glibc are used by IBM SmartCloud Entry. IBM SmartCloud Entry has addressed the vulnerabilities
CVEID: CVE-2017-1000368**
DESCRIPTION:** sudo could allow a local attacker to gain elevated privileges, caused by improper parsing in the get_process_ttyname() function for Linux. An attacker with privileges to execute commands could exploit this vulnerability to overwrite any file on the filesystem with his command’s output and gain root privileges on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127578 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2017-1000366**
DESCRIPTION:** Glibc could allow a local attacker to execute arbitrary code on the system, caused by a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack. By using specially-crafted crafted LD_LIBRARY_PATH values, an attacker could exploit this vulnerability to trigger a stack memory allocation flaw and execute arbitrary code on the system.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127452 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
IBM SmartCloud Entry Appliance 2.3.0 through 2.3.0.4 fix pack 10,
IBM SmartCloud Entry Appliance 2.4.0 through 2.4.0.4 fix pack 10,
IBM SmartCloud Entry Appliance 3.1.0 through 3.1.0.4 fix pack 25,
IBM SmartCloud Entry Appliance 3.2.0 through 3.2.0.4 fix pack 25
Product
|
VRMF
|
APAR
|
Remediation/First Fix
—|—|—|—
SmartCloud Entry | 3.2| None| IBM SmartCloud Entry Appliance 3.2.0.4 fix pack 26:
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FIBM+SmartCloud+Entry&fixids=3.2.0.4-IBM-SCE_APPL-FP26&source=SAR
For IBM SmartCloud Entry 2.3, IBM SmartCloud Entry 2.4 and IBM SmartCloud Entry 3.1, IBM recommends upgrading to a fixed, supported release of the product.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm cloud manager with openstack | eq | 3.2 |
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C