IBM40757940D0054030B6297C248ABB540ADB302DD9F89B94DDB202585009632F53Security Bulletin: GNU C library (glibc) vulnerability affects IBM SONAS (CVE-2013-7423)
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
Summary
IBM SONAS is shipped with GNU glibc, for which a fix is available for a security vulnerability.
Vulnerability Details
CVEID: CVE-2013-7423
DESCRIPTION: GNU glibc could allow a local attacker to obtain sensitive information, caused by an issue that could occur under high load. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 1.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100647> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:N/C:P/I:N/A:N)
Affected Products and Versions
IBM SONAS
The product is affected when running a code releases 1.5.0.0 to 1.5.2.1
Remediation/Fixes
A fix for these issues is in version 1.5.2.2 of IBM SONAS. Customers running an affected version of SONAS should upgrade to 1.5.2.2 or a later version, so that the fix gets applied.
Please contact IBM support for assistance in upgrading your system.
Workarounds and Mitigations
Workaround(s): None
Mitigation(s): None
| CPE | Name | Operator | Version |
|---|---|---|---|
| network attached storage (nas)->scale out network attached storage | eq | 1.5 |
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N