Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMF95753792296EC2CD82AB172A1AD48F519702F193594045EDF0E160A3FF150C3
HistoryAug 01, 2018 - 4:47 p.m.

Security Bulletin: IBM Spectrum Scale and IBM GPFS are affected by a security vulnerability (CVE-2016-6115)

2018-08-0116:47:49
www.ibm.com
11

EPSS

0.046

Percentile

92.6%

JSON

Summary

A security vulnerability has been identified in IBM Spectrum Scale (GPFS) that could allow a remote authenticated attacker to overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash. This vulnerability is only applicable if:
- file encryption is being used
- the key management infrastructure has been compromised

Vulnerability Details

CVEID: CVE-2016-6115 DESCRIPTION: IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash.
CVSS Base Score: 6.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118353 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Spectrum Scale V4.2.0.0 thru V4.2.2.0

IBM Spectrum Scale V4.1.0.0 thru V4.1.1.10

IBM GPFS V4.1.0.0 thru V4.1.0.8

Note: This vulnerability is only applicable if:

  • file encryption is being used
  • the key management infrastructure has been compromised

Remediation/Fixes

For IBM Spectrum Scale V4.2.0.0 thru V4.2.2.0, apply IBM Spectrum Scale V4.2.2.1 available from Fix Central at
https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.2.2&platform=All&function=all

For IBM Spectrum Scale V4.1.1.0 thru 4.1.1.10 and IBM GPFS V4.1.0.0 thru V4.1.0.8, apply V4.1.1.11 at http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale&release=4.1.1&platform=All&function=all

If you cannot apply the latest level of service, contact IBM Service for an efix:

  • For IBM Spectrum Scale V4.2.0.0 thru V4.2.2.0, reference APAR IV91327
  • For IBM GPFS V4.1.0 thru V4.1.0.8 and IBM Spectrum Scale V4.1.1.0 thru V4.1.1.10, reference APAR IV91328

Workarounds and Mitigations

None

Related

prion 1
cvelist 1
ibm 1
cve 1
nvd 1
prion
prion
Buffer overflow
2017-02-01 22:59:00
cvelist
cvelist
CVE-2016-6115
2017-02-01 22:00:00
ibm
ibm
Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2016-6115)
2021-03-08 18:46:02
cve
cve
CVE-2016-6115
2017-02-01 22:59:00
nvd
nvd
CVE-2016-6115
2017-02-01 22:59:00

EPSS

0.046

Percentile

92.6%

JSON
Related for F95753792296EC2CD82AB172A1AD48F519702F193594045EDF0E160A3FF150C3
prion1cvelist1ibm1cve1nvd1