An information leak flaw and buffer overflow flaw in the way the OpenSSH client roaming feature was implemented affects IBM XIV Gen2.
CVEID: CVE-2016-0777
DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused by a client information leak from using the roaming connection feature. By persuading a victim to connect to a malicious server, an attacker could exploit this vulnerability to retrieve private cryptographic keys or other sensitive information.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109635 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
IBM XIV Gen2 systems running microcode versions 10.0 or later are affected.
Applying a non-disruptive patch that fixes this issue is available for versions 10.2.4.e-5 and 10.2.4.e-8. The application of this patch can be done via remote connection and would take about 5 minutes to be completed.
For versions other than 10.2.4.e-5 and 10.2.4.e-8, IBM recommends upgrading to a fixed, supported version of the product.
CPE | Name | Operator | Version |
---|---|---|---|
ibm xiv gen2 systems running microcode versions | eq | 10.0 |