Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM702737E727126374B1B95753A3C516B3B30B5DFB07610F7636B07D2E346D87F0
HistoryMar 04, 2019 - 5:55 a.m.

Security Bulletin: Vulnerabiliies in glibc affect PowerKVM

2019-03-0405:55:02
www.ibm.com
14

0.014 Low

EPSS

Percentile

86.6%

JSON

Summary

PowerKVM is affected by vulnerabilities in glibc. IBM has now addressed these vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-11237 DESCRIPTION: GNU glibc is vulnerable to a buffer overflow, caused by improper bounds of checking by the __mempcpy_avx512_no_vzeroupper function. By executing a specially-crafted program, a local attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143580&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-11236 DESCRIPTION: GNU glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds of checking by the pathname arguments in the realpath function in stdlib/canonicalize.c. By using specially-crafted pathname arguments, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143578&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2018-6485 DESCRIPTION: GNU C Library is vulnerable to a denial of service, caused by an integer overflow in the implementation of the posix_memalign in memalign functions. A local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138627&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-16997 DESCRIPTION: GNU C Library could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the elf/dl-load.c. By using a Trojan horse library, an attacker could exploit this vulnerability to gain elevated privileges on the system.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136491&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

PowerKVM 3.1

Remediation/Fixes

Customers can update PowerKVM systems by using “yum update”.

Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 17.

Workarounds and Mitigations

none

CPENameOperatorVersion
powerkvmeq3.1

Related

nessus 58
oraclelinux 2
redhat 1
centos 1
amazon 4
openvas 41
photon 12
suse 6
fedora 7
prion 4
ubuntucve 4
osv 5
redhatcve 4
cve 4
debiancve 4
cvelist 4
f5 4
nvd 4
veracode 4
exploitdb 1
ibm 13
packetstorm 1
zdt 1
ubuntu 3
mageia 4
cloudfoundry 1
cloudlinux 1
gentoo 1
nessus
nessus
NewStart CGSL CORE 5.04 / MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2019-0040)
2019-08-12 00:00:00
CentOS 7 : glibc (CESA-2018:3092)
2018-11-16 00:00:00
Amazon Linux AMI : glibc (ALAS-2018-1109)
2018-12-07 00:00:00
oraclelinux
oraclelinux
glibc security update
2018-11-06 00:00:00
glibc security, bug fix, and enhancement update
2018-11-05 00:00:00
redhat
redhat
(RHSA-2018:3092) Moderate: glibc security, bug fix, and enhancement update
2018-10-30 04:18:01
centos
centos
glibc, nscd security update
2018-11-15 18:45:43
amazon
amazon
Medium: glibc
2018-12-06 00:24:00
Medium: glibc
2018-12-17 19:13:00
Medium: glibc
2018-04-05 17:24:00
openvas
openvas
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1386)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1024)
2020-01-23 00:00:00
openSUSE: Security Advisory for glibc (openSUSE-SU-2018:2159-1)
2018-10-26 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0066
2018-07-03 00:00:00
Critical Photon OS Security Update - PHSA-2018-0066
2018-07-03 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0159
2018-07-10 00:00:00
suse
suse
Security update for glibc (important)
2018-06-08 00:15:00
Security update for glibc (moderate)
2018-08-01 18:08:08
Security update for glibc (moderate)
2018-06-09 15:13:28
fedora
fedora
[SECURITY] Fedora 28 Update: glibc-2.27-35.fc28
2018-12-04 02:24:24
[SECURITY] Fedora 27 Update: glibc-2.26-30.fc27
2018-09-07 15:25:49
[SECURITY] Fedora 28 Update: glibc-2.27-15.fc28
2018-05-27 19:33:21
prion
prion
Buffer overflow
2018-05-18 16:29:00
Design/Logic Flaw
2017-12-18 01:29:00
Integer overflow
2018-02-01 14:29:00
ubuntucve
ubuntucve
CVE-2017-16997
2017-12-17 00:00:00
CVE-2018-11237
2018-05-18 00:00:00
CVE-2018-6485
2018-02-01 00:00:00
osv
osv
CVE-2017-16997
2017-12-18 01:29:00
CVE-2018-11237
2018-05-18 16:29:00
CVE-2018-6485
2018-02-01 14:29:00
redhatcve
redhatcve
CVE-2017-16997
2017-12-18 05:20:42
CVE-2018-11237
2019-12-27 09:29:31
CVE-2018-6485
2019-11-03 15:57:31
cve
cve
CVE-2017-16997
2017-12-18 01:29:00
CVE-2018-11237
2018-05-18 16:29:00
CVE-2018-6485
2018-02-01 14:29:00
debiancve
debiancve
CVE-2017-16997
2017-12-18 01:29:00
CVE-2018-11237
2018-05-18 16:29:00
CVE-2018-6485
2018-02-01 14:29:00
cvelist
cvelist
CVE-2017-16997
2017-12-18 01:00:00
CVE-2018-11237
2018-05-18 16:00:00
CVE-2018-6485
2018-02-01 14:00:00
f5
f5
K43546166 : glibc vulnerability CVE-2017-16997
2018-12-11 00:00:00
K35981055 : glibc vulnerability CVE-2018-11237
2018-06-29 00:00:00
K62463634 : glibc vulnerability CVE-2018-6485
2018-03-19 00:00:00
nvd
nvd
CVE-2017-16997
2017-12-18 01:29:00
CVE-2018-11237
2018-05-18 16:29:00
CVE-2018-6485
2018-02-01 14:29:00
veracode
veracode
Privilege Escalation
2019-01-15 09:25:27
Buffer Overflow
2019-05-16 03:18:40
Integer Overflow
2019-05-16 03:18:40
exploitdb
exploitdb
GNU glibc < 2.27 - Local Buffer Overflow
2018-05-24 00:00:00
ibm
ibm
Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to a Publicly disclosed vulnerability from GNU glibc (CVE-2018-11237)
2019-04-17 16:55:01
Security Bulletin: IBM QRadar SIEM is vulnerable to publicly disclosed vulnerability from GNU glibc (CVE-2018-11237)
2019-03-05 18:25:02
Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerabilities (CVE-2018-6485)
2018-08-29 03:20:51
packetstorm
packetstorm
GNU glibc Local Buffer Overflow
2018-05-24 00:00:00
zdt
zdt
glibc 2.27 #GNU - Local Buffer Overflow Exploit
2018-05-24 00:00:00
ubuntu
ubuntu
GNU C Library vulnerability
2019-12-10 00:00:00
GNU C Library vulnerabilities
2020-07-06 00:00:00
GNU C Library vulnerabilities
2024-05-02 00:00:00
mageia
mageia
Updated glibc packages fix security vulnerabilities
2018-01-25 15:47:25
Updated glibc packages fix security vulnerabilities
2018-01-25 15:47:25
Updated glibc packages fix security vulnerability
2018-03-06 10:55:33
cloudfoundry
cloudfoundry
USN-4416-1: GNU C Library vulnerabilities | Cloud Foundry
2020-08-27 00:00:00
cloudlinux
cloudlinux
glibc: Fix of 2 CVEs
2024-06-06 17:21:49
gentoo
gentoo
glibc: Multiple vulnerabilities
2018-04-04 00:00:00

0.014 Low

EPSS

Percentile

86.6%

JSON
Related for 702737E727126374B1B95753A3C516B3B30B5DFB07610F7636B07D2E346D87F0
nessus58oraclelinux2redhat1centos1amazon4openvas41photon12suse6fedora7prion4ubuntucve4osv5redhatcve4cve4debiancve4cvelist4f54nvd4veracode4exploitdb1ibm13packetstorm1zdt1ubuntu3mageia4cloudfoundry1cloudlinux1gentoo1