CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.011 Low
Percentile: 84.1%
This bulletin addresses a flaw in glibc that can allow a local unprivileged user to gain root access on Red Hat Enterprise Linux machines used by ProtecTIER.
CVEID: CVE-2014-5119
DESCRIPTION:
The GNU C Library (glibc) is vulnerable to a heap-based buffer overflow, caused by an off-by-one error in the __gconv_translit_find() function. By setting an environment variable to a malicious value, a local attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system with root privileges.
CVSS Base Score: 7.2
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/95044 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
ProtecTIER Enterprise Edition (PID 5639-PTA) - TS7650G
ProtecTIER Appliance Edition (PID 5639-PTB) - TS7650AP1
ProtecTIER Entry Edition (PID 5639-PTC) - TS7610 / TS7620
IBM is providing fixes for this vulnerability in 3.1.17, 3.3.5.1 and 3.3.6. Customers running release 3.2.x should upgrade to the 3.3 fix.
Below are links to download the fixes.
ProtecTIER Enterprise Edition (PID 5639-PTA) - TS7650G
ProtecTIER Appliance Edition (PID 5639-PTB) - TS7650AP1
http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Tape%2Bvirtualization&product=ibm/Storage_Tape/TS7650+ProtecTIER+Deduplication+Appliances&release=All&platform=All&function=all
ProtecTIER Entry Edition (PID 5639-PTC)
For TS7610 model:
No known workarounds.