A security vulnerability has been identified in IBM Spectrum Scale (GPFS) that could allow a remote authenticated attacker to overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash. This vulnerability is only applicable if:
- file encryption is being used
- the key management infrastructure has been compromised
CVEID: CVE-2016-6115
DESCRIPTION: IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash.
CVSS Base Score: 6.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118353 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
IBM Spectrum Scale V4.2.0.0 thru V4.2.2.0
IBM Spectrum Scale V4.1.0.0 thru V4.1.1.10
IBM GPFS V4.1.0.0 thru V4.1.0.8
Note: This vulnerability is only applicable if:
- file encryption is being used
- the key management infrastructure has been compromised
For IBM Spectrum Scale V4.2.0.0 thru V4.2.2.0, apply IBM Spectrum Scale V4.2.2.1 available from Fix Central at
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.2.2&platform=All&function=all
For IBM Spectrum Scale V4.1.1.0 thru 4.1.1.10 and IBM GPFS V4.1.0.0 thru V4.1.0.8, apply V4.1.1.11 at http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.1.1&platform=All&function=all
If you cannot apply the latest level of service, contact IBM Service for an efix:
None
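The affected ranges and fix levels listed above, expressed as a triage check over an inventory of installed levels. This is an added example, not IBM tooling and not part of the bulletin; the host names, the sample inventory, the status strings and the accepted version-string formats are assumptions made for illustration.

```python
import re

# (first affected level, last affected level, fix level), taken from the bulletin.
AFFECTED_RANGES = [
    ((4, 2, 0, 0), (4, 2, 2, 0), "4.2.2.1"),
    ((4, 1, 0, 0), (4, 1, 1, 10), "4.1.1.11"),  # also covers IBM GPFS 4.1.0.0 thru 4.1.0.8
]


def parse_version(text):
    """Return a 4-tuple from strings such as 'V4.2.1.0' or 'gpfs.base-4.2.1-0.x86_64'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)[.-](\d+)", text)
    if not m:
        raise ValueError(f"no four-part version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def triage(version_text, encryption_in_use=True):
    """Return (status, fix_level) for one installed level.

    The bulletin applies only when file encryption is in use and the key
    management infrastructure has been compromised. The second condition
    cannot be read from a version string, so only the first is modelled.
    """
    version = parse_version(version_text)
    for low, high, fix in AFFECTED_RANGES:
        if low <= version <= high:  # tuple comparison is numeric per component
            if not encryption_in_use:
                return ("affected-range-no-encryption", fix)
            return ("affected-range", fix)
    return ("not-listed", None)


# Constructed inventory: host -> (reported level, file encryption in use)
SAMPLE_INVENTORY = {
    "nsd01": ("gpfs.base-4.2.1-0.x86_64", True),
    "nsd02": ("4.2.2.1", True),
    "prot01": ("V4.1.1.10", False),
    "old01": ("4.1.0.8", True),
}


def report(inventory):
    return {host: triage(level, enc) for host, (level, enc) in inventory.items()}


if __name__ == "__main__":
    for host, (status, fix) in report(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}" + (f", apply {fix}" if fix else ""))
```

Hosts reported as `affected-range-no-encryption` still run a level in the listed ranges, so they become applicable as soon as file encryption is enabled.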