IBMDAF96CC7FDD622F8E28791075010AD2B6C155A9758A74D7A53185A5DD46E4C4DSecurity Bulletin: Vulnerabilities in glibc affect Power Hardware Management Console (CVE-2014-8121)
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.016 Low
EPSS
Percentile
85.6%
Summary
glibc is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.
Vulnerability Details
CVEID: CVE-2014-8121**
DESCRIPTION:** GNU C Library (glibc) is vulnerable to a denial of service, caused by the failure to properly check if a file is open by DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS). By performing a look-up on a database while iterating over it, an attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/102652 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Affected Products and Versions
Power HMC V7.3.0.0
Power HMC V7.8.0.0
Power HMC V7.9.0.0
Remediation/Fixes
Product
|
VRMF
|
APAR
|
Remediation/Fix
—|—|—|—
Power HMC
|
V8.730.0 SP1
|
MB03965
|
Power HMC
|
V7.780.0 SP2
|
MB03965
|
Power HMC
|
V7.790.0 SP2
|
MB03966
|
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| power system hardware management console physical appliance | eq | any |
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.016 Low
EPSS
Percentile
85.6%