CVE-2015-0197

CVE-2015-0197, CVE-2015-0198, and CVE-2015-0199 pertain to IBM GPFS (General Parallel File System) across GPFS 3.4/3.5/4.1 and related IBM products. The initial sources describe: CVE-2015-0197: local attacker with non-privileged account can execute programs with root privileges (vector: local). A...

IBM General Parallel File System Bypass Authentication to Execute Code Vulnerability

The IBM General Parallel File System is a shared file system that originated from the virtual shared disk technology used on IBM SP systems. A security vulnerability exists in IBM General Parallel File System that allows remote attackers to exploit the vulnerability to bypass authentication and...

IBM General Parallel File System ROOT Privilege Execution Vulnerability

The IBM General Parallel File System is a shared file system that originated from the virtual shared disk technology used on IBM SP systems. A ROOT privilege execution vulnerability exists in IBM General Parallel File System, which could be exploited by a local attacker to execute arbitrary...

IBM General Parallel File System Multiple Vulnerabilities (Windows) (POODLE)

A version of IBM General Parallel File System GPFS 3.5.x prior to 3.5.0.21 is installed on the remote Windows host. It is, therefore, affected by the following OpenSSL related vulnerabilities : - An error exists related to DTLS SRTP extension handling and specially crafted handshake messages that...

IBM General Parallel File System OpenSSH Memory Corruption

A version of IBM General Parallel File System GPFS that is 3.5.0.11 or later but prior to 3.5.0.19 is installed on the remote host. It is, therefore, affected by a memory corruption issue in the bundled version of OpenSSH. The issue exists due to a failure to initialize certain data structures wh...

IBM General Parallel File System OpenSSL Security Bypass (Windows)

A version of IBM General Parallel File System GPFS 3.5.0.11 or later but prior to 3.5.0.18 is installed on the remote host. It is, therefore, affected by an unspecified error that could allow an attacker to cause usage of weak keying material, leading to simplified man-in-the-middle attacks. C...

IBM DB2 9.8 <= Fix Pack 5 Multiple Vulnerabilities

According to its version, the installation of IBM DB2 running on the remote host is version 9.8 prior or equal to Fix Pack 5. It is, therefore, affected by one or more of the following vulnerabilities : - An unspecified error exists in the GSKit component when initiating SSL/TLS connections due t...

IBM General Parallel File System 3.5 < 3.5.0.17 Multiple OpenSSL Vulnerabilities (Heartbleed)

A version of IBM General Parallel File System GPFS prior to 3.5.0.17 is installed on the remote host. It is, therefore, affected by multiple vulnerabilities related to OpenSSL: - An information disclosure vulnerability exists due to a flaw in the OpenSSL library, due to an implementation error in...

IBM General Parallel File System Detection

Binary data ibmgpfsinstalled.nbin...

IBM General Parallel File System 3.4 < 3.4.0.27 / 3.5 < 3.5.0.16 DoS (Debian)

A version of IBM General Parallel File System GPFS prior to 3.4.0.27 / 3.5.0.16 is installed on the remote host. It is, therefore, affected by a denial of service vulnerability. An authenticated, non-root attacker can exploit this vulnerability by passing certain arguments to 'setuid' commands,...

IBM General Parallel File System 3.4 < 3.4.0.27 / 3.5 < 3.5.0.16 DoS (RHEL)

A version of IBM General Parallel File System GPFS prior to 3.4.0.27 / 3.5.0.16 is installed on the remote host. It is, therefore, affected by a denial of service vulnerability. An authenticated, non-root attacker can exploit this vulnerability by passing certain arguments to 'setuid' commands,...

IBM General Parallel File System 3.4 < 3.4.0.27 / 3.5 < 3.5.0.16 DoS (SLES)

A version of IBM General Parallel File System GPFS prior to 3.4.0.27 / 3.5.0.16 is installed on the remote host. It is, therefore, affected by a denial of service vulnerability. An authenticated, non-root attacker can exploit this vulnerability by passing certain arguments to 'setuid' commands,...