There are vulnerabilities in IBM Spectrum Scale packaged with IBM Spectrum Scale RAID for the Elastic Storage Server and the GPFS Storage Server.
CVEID: CVE-2016-2985**
DESCRIPTION:** A security vulnerability has been identified in IBM Spectrum Scale and IBM GPFS that could allow a local attacker to execute commands as root by setting environment variables processed by setuid programs.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114001 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2016-2984**
DESCRIPTION:** A security vulnerability has been identified in IBM Spectrum Scale and IBM GPFS that could allow a local attacker to execute commands as root by supplying command line parameters to setuid programs.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/114000 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
The Elastic Storage Server versions 4.0, 3.5, 3.0 and 2.5
The GPFS Storage Server version 2.0
For the Elastic Storage Server 4.0.0 thru 4.0.5, upgrade to 4.0.6, available at_
_http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale+RAID&release=4.2.0&platform=All&function=all
For the Elastic Storage Server 3.5.0 thru 3.5.5, upgrade to 3.5.6 available at_
_http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale+RAID&release=4.1.1&platform=All&function=all
For the Elastic Storage Server 3.0.0 thru 3.0.5, upgrade to 3.5.6 available at _
_http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%2Bdefined%2Bstorage&product=ibm/StorageSoftware/IBM+Spectrum+Scale+RAID&release=4.1.1&platform=All&function=all
For the Elastic Storage Server 2.5.0 thru 2.5.5 and the GPFS Storage Server 2.0.0 thru 2.0.7, contact IBM Service referencing APAR IV88320. See http://www.ibm.com/planetwide/
Until the fixes can be applied, a workaround is to remove the setuid from the files in the /usr/lpp/mmfs/bin directory. Determine the set of files with setuid bit by running
ls -l /usr/lpp/mmfs/bin | grep r-s
Then reset the setuid bit for each such file by issuing this command on each file
chmod u-sfile
Once the workaround is applied, a number of commands may no longer work when not invoked by unprivileged users, including:
mmchfileset mmcrsnapshot mmdelsnapshot mmdf mmedquota mmgetacl mmlsdisk mmlsfileset mmlsfs mmlsmgr mmlspolicy mmlspool mmlsquota mmlssnapshot mmputacl mmsnapdir
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum scale raid | eq | 2.0 |