Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM7753913DD68399ADC9E0121A0C799C724A906822AF0DC30D6731A692C2966EC8
HistoryJul 19, 2020 - 12:49 a.m.

Security Bulletin: Grep vulnerabilities affect IBM SmartCloud Entry (CVE-2012-5667)

2020-07-1900:49:12
www.ibm.com
11

EPSS

0.007

Percentile

80.0%

JSON

Summary

IBM SmartCloud Entry is vulnerable to several Grep vulnerabilities. Remote attackers can exploit them to obtain sensetive information or launch further attacks on the system.

Vulnerability Details

CVEID: CVE-2012-5667**
DESCRIPTION:** grep is vulnerable to a heap-based buffer overflow, caused by an integer overflow when parsing very long lines. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/80811 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products and Versions

IBM SmartCloud Entry 2.2.0 through 2.2.0.3 Appliance fix pack 3
IBM SmartCloud Entry 2.3.0 through 2.3.0.3 Appliance fix pack 3
IBM SmartCloud Entry 2.4.0 through 2.4.0.3 Appliance fix pack 3
IBM SmartCloud Entry 3.1.0 through 3.1.0.4 Appliance fix pack 17
IBM SmartCloud Entry 3.2.0 through 3.2.0.4 Appliance fix pack 17

Remediation/Fixes

Product

| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM SmartCloud Entry| 2.2| None| IBM SmarctCloud Entry 2.2.0 Appliance fix pack 4:
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+Starter+Kit+for+Cloud&release=All&platform=All&function=fixId&fixids=2.2.0.4-IBM-SKC_APPL-FP004&includeSupersedes=0
IBM SmartCloud Entry| 2.3| None| IBM SmartCloud Entry 2.3.0 Appliance fix pack 4:
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=2.3.0.3&platform=All&function=fixId&fixids=2.3.0.4-IBM-SCE_APPL-FP004&includeSupersedes=0
IBM SmartCloud Entry| 2.4| None| IBM SmartCloud Entry 2.4.0 Appliance fix pack 4:
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=2.4.0.3&platform=All&function=fixId&fixids=2.4.0.4-IBM-SCE_APPL-FP004&includeSupersedes=0
IBM SmartCloud Entry| 3.1| None| IBM SmartCloud Entry 3.1.0 Appliance fix pack 18:
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=All&platform=All&function=fixId&fixids=3.1.0.4-IBM-SCE_APPL-FP18&includeSupersedes=0
IBM SmartCloud Entry| 3.2| None| IBM SmartCloud Entry 3.2.0 Appliance fix pack 18:
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/IBM+SmartCloud+Entry&release=All&platform=All&function=fixId&fixids=+3.2.0.4-IBM-SCE_APPL-FP18+&includeSupersedes=0

Workarounds and Mitigations

None known

Related

seebug 1
nessus 8
cvelist 1
cve 1
veracode 2
nvd 1
prion 1
debiancve 1
zdt 2
gentoo 1
ubuntucve 1
openvas 4
exploitpack 1
f5 1
packetstorm 1
exploitdb 1
ibm 3
redhat 1
oraclelinux 1
amazon 1
centos 1
seebug
seebug
Grep < 2.11 Integer Overflow Crash PoC
2014-07-01 00:00:00
nessus
nessus
F5 Networks BIG-IP : Grep vulnerability (K69662152)
2017-06-29 00:00:00
Oracle Solaris Third-Party Patch Update : grep (cve_2012_5667_heap_buffer)
2015-01-19 00:00:00
GLSA-201403-07 : grep: User-assisted execution of arbitrary code
2014-03-27 00:00:00
cvelist
cvelist
CVE-2012-5667
2013-01-03 11:00:00
cve
cve
CVE-2012-5667
2013-01-03 11:54:25
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:06:47
Denial Of Service (DoS) Through Heap Out-of-Bounds (OOB) Read
2019-05-02 05:41:03
nvd
nvd
CVE-2012-5667
2013-01-03 11:54:25
prion
prion
Integer overflow
2013-01-03 11:54:00
debiancve
debiancve
CVE-2012-5667
2013-01-03 11:54:25
zdt
zdt
Grep <2.11 INT overflow, DoS, CMD Execution
2012-12-30 00:00:00
Grep < 2.11 Integer Overflow Crash PoC
2012-12-31 00:00:00
gentoo
gentoo
grep: User-assisted execution of arbitrary code
2014-03-26 00:00:00
ubuntucve
ubuntucve
CVE-2012-5667
2013-01-03 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201403-07
2015-09-29 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-598)
2015-09-25 00:00:00
Oracle: Security Advisory (ELSA-2015-1447)
2015-10-06 00:00:00
exploitpack
exploitpack
Grep 2.11 - Integer Overflow Crash (PoC)
2012-12-31 00:00:00
f5
f5
K69662152 : Grep vulnerability CVE-2012-5667
2017-06-29 00:00:00
packetstorm
packetstorm
Grep Integer Overflow
2012-12-31 00:00:00
exploitdb
exploitdb
Grep &lt; 2.11 - Integer Overflow Crash (PoC)
2012-12-31 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in GNU grep utility affect IBM Security Network Protection (CVE-2012-5667, and CVE-2015-1345)
2018-06-16 21:38:15
Security Bulletin: Multiple vulnerabilities in GNU grep affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-1345, CVE-2012-5667)
2018-06-17 22:32:53
IBM Security Network Protection / IBM QRadar Network Security / XGS Technote Index
2021-01-31 00:10:25
redhat
redhat
(RHSA-2015:1447) Low: grep security, bug fix, and enhancement update
2015-07-22 00:00:00
oraclelinux
oraclelinux
grep security, bug fix, and enhancement update
2015-07-28 00:00:00
amazon
amazon
Low: grep
2015-09-22 10:00:00
centos
centos
grep security update
2015-07-26 14:11:37

EPSS

0.007

Percentile

80.0%

JSON
Related for 7753913DD68399ADC9E0121A0C799C724A906822AF0DC30D6731A692C2966EC8
seebug1nessus8cvelist1cve1veracode2nvd1prion1debiancve1zdt2gentoo1ubuntucve1openvas4exploitpack1f51packetstorm1exploitdb1ibm3redhat1oraclelinux1amazon1centos1