Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM3EC2F1FC7DDC9B9AEC870861C8B569AD08A4CF66602427BD87FC89B55EBAF2DE
HistoryJun 18, 2018 - 1:28 a.m.

Security Bulletin: PowerKVM is affected by a kexec-tools vulnerability (CVE-2015-0267)

2018-06-1801:28:38
www.ibm.com
8

0.0004 Low

EPSS

Percentile

5.1%

JSON

Summary

PowerKVM is affected by a kexec-tools vulnerability (CVE-2015-0267).

Vulnerability Details

CVEID: CVE-2015-0267**
DESCRIPTION:** kexec-tools could allow a local attacker to launch a symlink attack. The script module-setup.sh creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/103819 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P)

Affected Products and Versions

PowerKVM 2.1

Remediation/Fixes

Fix is made available via Fix Central (https://ibm.biz/BdEnT8) in 2.1.1 build 55 and all later builds and fix packs. For systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README&gt; for prerequisite fixes and instructions. Customers can also update from 2.1.1 (GA and later levels) by using “yum update”.

Workarounds and Mitigations

None

CPENameOperatorVersion
powerkvmeq2.1

Related

nessus 4
openvas 3
prion 1
ubuntucve 1
oraclelinux 1
centos 1
cvelist 1
cve 1
redhat 1
nvd 1
debiancve 1
nessus
nessus
Oracle Linux 7 : kexec-tools (ELSA-2015-0986)
2015-05-13 00:00:00
CentOS 7 : kexec-tools (CESA-2015:0986)
2015-05-13 00:00:00
Scientific Linux Security Update : kexec-tools on SL7.x x86_64 (20150512)
2015-05-14 00:00:00
openvas
openvas
CentOS Update for kexec-tools CESA-2015:0986 centos7
2015-06-09 00:00:00
RedHat Update for kexec-tools RHSA-2015:0986-01
2015-06-09 00:00:00
Oracle: Security Advisory (ELSA-2015-0986)
2015-10-06 00:00:00
prion
prion
Design/Logic Flaw
2015-05-19 18:59:00
ubuntucve
ubuntucve
CVE-2015-0267
2015-05-19 00:00:00
oraclelinux
oraclelinux
kexec-tools security, bug fix, and enhancement update
2015-05-12 00:00:00
centos
centos
kexec security update
2015-05-13 01:01:15
cvelist
cvelist
CVE-2015-0267
2015-05-19 18:00:00
cve
cve
CVE-2015-0267
2015-05-19 18:59:00
redhat
redhat
(RHSA-2015:0986) Moderate: kexec-tools security, bug fix, and enhancement update
2015-05-12 00:00:00
nvd
nvd
CVE-2015-0267
2015-05-19 18:59:00
debiancve
debiancve
CVE-2015-0267
2015-05-19 18:59:00

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for 3EC2F1FC7DDC9B9AEC870861C8B569AD08A4CF66602427BD87FC89B55EBAF2DE
nessus4openvas3prion1ubuntucve1oraclelinux1centos1cvelist1cve1redhat1nvd1debiancve1