CVSS2: 6.8 Medium

Metric | Value
---|---
Access Vector | NETWORK
Access Complexity | MEDIUM
Authentication | NONE
Confidentiality Impact | PARTIAL
Integrity Impact | PARTIAL
Availability Impact | PARTIAL

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.133 Low (Percentile: 94.8%)
glibc is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.
CVEID: CVE-2015-1781
DESCRIPTION: GNU C Library (glibc) is vulnerable to a buffer overflow, caused by improper bounds checking by the gethostbyname_r() and other related functions. By sending a specially-crafted argument, a remote attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash.
CVSS Base Score: 5.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102500> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Power HMC V8.1.0.0
Power HMC V8.2.0.0
Power HMC V8.3.0.0
The following fixes are available on IBM Fix Central at: http://www-933.ibm.com/support/fixcentral/
Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
Power HMC | V8.8.1.0 SP2 | MB03920 | Apply eFix MH01532
Power HMC | V8.8.2.0 SP1 | MB03926 | Apply eFix MH01538
Power HMC | V8.8.3.0 | MB03927 | Apply eFix MH01539
Note:
1. For unsupported releases IBM recommends upgrading to a fixed, supported release of the product.
2. After applying the PTF, you should restart the HMC.
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| | power system hardware management console physical appliance | eq | any |