Lucene search

K
ibmIBM9242F5F4636D9D5E6BC415C0976986849485D113A030592ECDEE1CCA74C74EE1
HistoryAug 01, 2022 - 3:09 p.m.

Security Bulletin: Vulnerability in glibc affect OS Image for Red Hat Enterprise Linux shipped with Cloud Pak System (CVE-2020-27618)

2022-08-0115:09:42
www.ibm.com
18
vulnerability
glibc
ibm os image
red hat enterprise linux
cloud pak system
cve-2020-27618
upgrade

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

21.7%

Summary

Vulnerability found in glibc used by IBM OS Image for Red Hat Enterprise Linux shipped with Cloud Pak System (CVE-2020-27618). IBM Cloud Pak System addressed vulnerability shipped new base OS image based on Red Hat Enterprise Linux 8.4.

Vulnerability Details

CVEID:CVE-2020-27618
**DESCRIPTION:**GNU C Library (aka glibc or libc6) is vulnerable to a denial of service, caused by an error when processing some invalid inputs from several IBM character sets in the iconv function. By sending invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, IBM1399 encodings, a local authenticated attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196446 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM OS Image for Red Hat Linux Systems 3.0

Remediation/Fixes

If you are using an earlier unsupported release, IBM strongly recommends that you upgrade.

For Cloud Pak System v2.3.0.1, v2.3.1.1, v.2.3.2.0, v2.3.3.0, v2.3.3.1, v.2.3.3.2, v2.3.3.3, v2.3.3.3 Interim Fix 1, upgrade to Cloud Pak System v2.3.3.4 at Fix Central.

Information on upgrading at: <http://www.ibm.com/support/docview.wss?uid=ibm10887959&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmcloud_pak_systemMatch2.3.0

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

21.7%