CVSS Base Score: 7.5 (High)
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vulnerabilities have been identified in the GNU C Library (glibc) packages, which provide the standard C and standard math libraries on Linux systems, that affect IBM SmartCloud Provisioning 2.1 for Software Virtual Appliance (CVE-2014-5119, CVE-2014-0475).
CVE-ID: CVE-2014-5119
DESCRIPTION: The GNU C Library (glibc) is vulnerable to a heap-based buffer overflow, which is caused by an off-by-one error in the __gconv_translit_find() function. By setting the CHARSET environment variable to a malicious value, a local attacker might exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with root privileges.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95044> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE-ID: CVE-2014-0475
DESCRIPTION: A directory traversal flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) might possibly use this flaw to execute arbitrary code with the privileges of that application.
CVSS Base Score: 6.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94452> for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
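Both flaws above are reached through environment variables that glibc consumes (CHARSET for the conversion-table lookup, LC_* and similar for locale loading). One compensating control while the fix pack is being rolled out is to have any launcher that hands control to a more privileged program scrub those variables first. The following is an added example, not IBM's or the glibc project's code; the allow-list pattern, the length cap and the variable names it treats as locale-related are this example's own assumptions, and the sample environment is constructed.

```python
import os
import re

# Assumed conservative policy for locale-style values (e.g. "en_US.UTF-8",
# "de_DE@euro", "C"): a bounded length and a small character set, with no
# path separators, so a value can never name a file outside the locale tree.
# The 64-character cap is this example's choice, not a limit taken from glibc.
LOCALE_VALUE_RE = re.compile(r"^[A-Za-z0-9_.@+-]{1,64}$")

# Variables this example treats as locale/charset inputs (assumption: any
# LC_* variable plus the three named here).
LOCALE_VAR_NAMES = ("LANG", "LANGUAGE", "CHARSET")


def is_locale_var(name):
    """True if the variable name is one glibc would read for locale/charset data."""
    return name in LOCALE_VAR_NAMES or name.startswith("LC_")


def is_safe_locale_value(value):
    """Accept only plain locale identifiers; reject traversal-shaped or overlong values."""
    if not LOCALE_VALUE_RE.fullmatch(value):
        return False
    # The character class permits '.', so block dot-only and '..' components explicitly.
    if value.startswith(".") or ".." in value:
        return False
    return True


def scrub_locale_env(env):
    """Return (cleaned_env, removed_names): a copy of env with unsafe locale
    values removed. Other variables are passed through untouched."""
    cleaned = dict(env)
    removed = []
    for name, value in env.items():
        if is_locale_var(name) and not is_safe_locale_value(value):
            del cleaned[name]
            removed.append(name)
    return cleaned, sorted(removed)


# Constructed sample environment: two legitimate locale settings, two values a
# defender would want dropped (a traversal-shaped LC_ALL and an oversized CHARSET),
# and an unrelated variable that must survive unchanged.
SAMPLE_ENV = {
    "LANG": "en_US.UTF-8",
    "LC_MESSAGES": "de_DE@euro",
    "LC_ALL": "../../tmp/not-a-locale",
    "CHARSET": "A" * 200,
    "HOME": "/home/operator",
}


def run_demo():
    cleaned, removed = scrub_locale_env(SAMPLE_ENV)
    return cleaned, removed


if __name__ == "__main__":
    cleaned_env, dropped = run_demo()
    print("dropped:", dropped)
    print("kept:", sorted(cleaned_env))
    # A real launcher would now exec the privileged helper with cleaned_env,
    # e.g. os.execve(path, argv, cleaned_env) (call shown, not executed here).
```

In practice this belongs in the one place where an untrusted caller's environment crosses into a process that runs with more privilege; scrubbing at that boundary does not replace applying the fix pack, but it removes the untrusted input both CVEs depend on.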
Affected Products and Versions: SmartCloud Provisioning 2.1 for IBM Provided Software Virtual Appliance
Remediation/Fixes: The recommended solution is to download SmartCloud Provisioning 2.1 Fix Pack 5 for Software Virtual Appliance Interim Fix 2 from Fix Central and apply it as soon as practical.
Workarounds and Mitigations: None