Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM93292ED94EEFD4C318597D4D01242CEA96083DDA1A1428051FF4B48DBEC2E8D0
HistoryJan 31, 2019 - 2:25 a.m.

Security Bulletin: Vulnerability in GNU C Library affects IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch firmware (CVE-2015-5277)

2019-01-3102:25:02
www.ibm.com
5

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

Summary

IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch firmware has addressed the following vulnerability in GNU C Library.

Vulnerability Details

Summary

IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch firmware has addressed the following vulnerability in GNU C Library.

Vulnerability Details:

CVEID: CVE-2015-5277

Description: GNU C Library (glibc) could allow a local attacker to gain elevated privileges on the system, caused by a heap corruption error in the nss_files backend for the Name Service Switch. An attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges.

CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/108484&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Product Affected Version
IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch Firmware 3.3-3.5

Remediation/Fixes:

Firmware fix versions are available on Fix Central:
<http://www.ibm.com/support/fixcentral/&gt;.

Product Fix Version
IBM Flex System EN6131 40Gb Ethernet / IB6131 40Gb Infiniband Switch Firmware
mlnx_fw_ppc_m460ex-sx-3.6.2002_anyos_noarch 3.6.2002

Workaround(s) & Mitigation(s):

None

References:

Related Information:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
Lenovo Product Security Advisories

Acknowledgement

None

Change History
10 February 2017: Original Copy Published

  • The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Related

redhat 2
nessus 10
ibm 3
oraclelinux 1
openvas 7
cve 1
prion 1
ubuntucve 1
debiancve 1
centos 1
amazon 1
gentoo 1
ubuntu 2
cloudfoundry 1
packetstorm 1
redhat
redhat
(RHSA-2015:2172) Important: glibc security update
2015-11-19 15:39:46
(RHSA-2015:2589) Important: glibc security update
2015-12-09 08:43:11
nessus
nessus
Scientific Linux Security Update : glibc on SL7.x x86_64_important (20151119)
2015-12-29 00:00:00
CentOS 7 : glibc (CESA-2015:2172)
2015-12-02 00:00:00
RHEL 7 : glibc (RHSA-2015:2172)
2015-11-20 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in Open Source GNU glibc affects IBM OS Images for Red Hat Linux Systems. (CVE-2015-5277)
2018-06-15 07:05:57
Security Bulletin: Multiple vulnerabilities in the GNU C Library (glibc) affect PowerKVM
2018-06-18 01:30:38
Security Bulletin: Security Vulnerabilities in OpenSSL, glibc, gcc, Net-SNMP, and OpenSSH affect IBM Security Proventia Network Enterprise Scanner
2018-06-16 21:41:08
oraclelinux
oraclelinux
glibc security update
2015-11-25 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2015-2172)
2015-11-27 00:00:00
RedHat Update for glibc RHSA-2015:2172-01
2015-11-20 00:00:00
RedHat Update for glibc RHSA-2016:2573-02
2016-11-04 00:00:00
cve
cve
CVE-2015-5277
2015-12-17 19:59:00
prion
prion
Heap overflow
2015-12-17 19:59:00
ubuntucve
ubuntucve
CVE-2015-5277
2015-12-17 00:00:00
debiancve
debiancve
CVE-2015-5277
2015-12-17 19:59:00
centos
centos
glibc, nscd security update
2015-12-01 22:24:31
amazon
amazon
Important: glibc
2015-12-14 10:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2017-02-19 00:00:00
ubuntu
ubuntu
GNU C Library regression
2016-05-26 00:00:00
GNU C Library vulnerabilities
2016-05-25 00:00:00
cloudfoundry
cloudfoundry
USN-2985-2 GNU C Library regression | Cloud Foundry
2016-06-13 00:00:00
packetstorm
packetstorm
Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
2019-09-04 00:00:00

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON
Related for 93292ED94EEFD4C318597D4D01242CEA96083DDA1A1428051FF4B48DBEC2E8D0
redhat2nessus10ibm3oraclelinux1openvas7cve1prion1ubuntucve1debiancve1centos1amazon1gentoo1ubuntu2cloudfoundry1packetstorm1