A security vulnerability has been identified in all levels of IBM Spectrum Scale where the mmfsd daemon can be prevented from servicing requests. A fix for this vulnerability is available.
CVEID: CVE-2020-4925
**DESCRIPTION:** A security vulnerability in IBM Spectrum Scale allows a non-root user to overflow the mmfsd daemon with requests, preventing the daemon from servicing other requests.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191599 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Scale | ALL |
For IBM Spectrum Scale levels lower than V5.1.1, apply V5.1.1 or later available (including 5.1.2 or later) from FixCentral at:
In addition to applying the recommended code level, ensure that the sdrNotifyAuthEnabled configuration variable is set to "yes", which requires a cluster minimum release level of 5.1.1 or later.
See the mmchconfig command documentation for more details: <https://www.ibm.com/docs/en/spectrum-scale/5.1.1?topic=reference-mmchconfig-command>
Note: Systems running a supported version should be upgraded to the current release containing the security fixes.
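The following audit check is an added example, not part of the IBM bulletin or IBM's tooling: it verifies the two conditions stated above, a cluster minimum release level of 5.1.1 or later and sdrNotifyAuthEnabled set to "yes". The function names are hypothetical, the sample inputs are constructed, and it assumes `mmlsconfig <attribute>` prints `<attribute> <value>` on one line.

```shell
#!/bin/sh
# Added example: audit the remediation settings for CVE-2020-4925.
# Assumption: `mmlsconfig <attr>` prints "<attr> <value>", for example
# "minReleaseLevel 5.1.1.0"; adjust attr_value() if your output differs.
# On a cluster node:
#   audit "$(mmlsconfig minReleaseLevel)" "$(mmlsconfig sdrNotifyAuthEnabled)"

REQUIRED_LEVEL="5.1.1"

# attr_value ATTR TEXT: print the value of ATTR found in TEXT (empty if absent)
attr_value() {
    printf '%s\n' "$2" | awk -v a="$1" '$1 == a { print $2; exit }'
}

# version_ge A B: succeed when dotted numeric version A >= B
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        if (a !~ /^[0-9]+(\.[0-9]+)*$/) exit 1   # empty or "(undefined)"
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# audit LEVEL_OUTPUT AUTH_OUTPUT
# returns 0 = compliant, 1 = release level too low, 2 = auth setting not "yes"
audit() {
    level=$(attr_value minReleaseLevel "$1")
    auth=$(attr_value sdrNotifyAuthEnabled "$2")
    if ! version_ge "$level" "$REQUIRED_LEVEL"; then
        echo "FAIL: minReleaseLevel '${level:-unknown}' is below $REQUIRED_LEVEL"
        return 1
    fi
    if [ "$auth" != "yes" ]; then
        echo "FAIL: sdrNotifyAuthEnabled is '${auth:-unset}', expected 'yes'"
        return 2
    fi
    echo "OK: minReleaseLevel=$level sdrNotifyAuthEnabled=yes"
}

# Constructed sample: upgraded cluster where the variable was never set.
audit "minReleaseLevel 5.1.2.0" "sdrNotifyAuthEnabled (undefined)" || true
```

A result of 1 means the code level or cluster minimum release level still has to be raised before the variable can be set; a result of 2 means the upgrade is in place but the configuration step was skipped.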
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum scale | eq | 5.1 | |
ibm spectrum scale | eq | 5.0 |