Mar 31, 2023 - 2:46 p.m.

Security Bulletin: Vulnerability in Samba affects Spectrum Scale shipped with Cloud Pak System [CVE-2021-44142]

2023-03-31 14:46:30
www.ibm.com

CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 9 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

EPSS: 0.136 Low
Percentile: 95.5%

Summary

Vulnerability in Samba affects Spectrum Scale shipped with Cloud Pak System. IBM Cloud Pak System has addressed this vulnerability. [CVE-2021-44142]

Vulnerability Details

CVEID: CVE-2021-44142
**DESCRIPTION:** Samba could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds heap read/write in the VFS module vfs_fruit. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code as root on the system.
CVSS Base score: 9.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/218420 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) | Version(s)
IBM Cloud Pak System | 2.3.3.0-2.3.3.5 (Intel)
IBM Cloud Pak System Software Suite | 2.3.3.0 - 2.3.3.5
IBM Cloud Pak System | 2.3

Remediation/Fixes

For unsupported version/release/platform, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

IBM Cloud Pak System upgraded Spectrum Scale to Spectrum Scale version 5.0.5.14 in Cloud Pak System version 2.3.3.6.

For Cloud Pak System v2.3.0, 2.3.0.1, 2.3.1.0, v2.3.3.0, v2.3.3.1, v2.3.3.2, v2.3.3.3, v2.3.3.3 Interim Fix1, v2.3.3.4, v2.3.3.5, upgrade to Cloud Pak System v2.3.3.6, available at FixCentral.

Information on upgrading: <http://www.ibm.com/support/docview.wss?uid=ibm10887959>

Workarounds and Mitigations

None

CPE
Name | Operator | Version
ibm cloud pak system software | eq | 2.3
