Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM607EE52AC749BBCD4D0F303C52ADB0EEB388E53B740AF4A3C532F58014B942CF
HistoryJun 15, 2018 - 7:05 a.m.

Security Bulletin: The GPFS pattern provided with IBM PureApplication System is affected by a security vulnerability. (CVE-2016-0263)

2018-06-1507:05:39
www.ibm.com
13

EPSS

0

Percentile

5.1%

JSON

Summary

A security vulnerability has been identified in the current levels of IBM Spectrum Scale V4.2, V4.1 and IBM General Parallel File System V3.5, that could allow a local user, under special circumstances, to escalate their privileges or cause a denial of service when the mmapplypolicy command is issued with certain options and syntax.

IBM PureApplication System provides a GPFS pattern and addressed the applicable CVE.

Vulnerability Details

CVEID: CVE-2016-0263**
DESCRIPTION:** IBM General Parallel File System could allow a local user under special circumstances to escalate their privileges or cause a denial of service.
CVSS Base Score: 7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110661 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

· IBM PureApplication System V2.0 (GPFS Pattern type 1.2.0.0, 1.2.0.1, and 1.2.0.2) using IBM GPFS V3.5.0.19
· IBM PureApplication System V2.1.0.1 (GPFS Pattern type 1.2.1.0) using IBM GPFS V4.1.0.5
· IBM PureApplication System V2.1.0.2 (GPFS Pattern type 1.2.2.0) using IBM GPFS V4.1.0.7
· IBM PureApplication System V2.1.1.0 (GPFS Pattern type 1.2.3.0) using IBM GPFS V4.1.0.7
· IBM PureApplication System V2.1.2.0 (GPFS Pattern type 1.2.4.0) using IBM GPFS V4.1.1.2
· IBM PureApplication System V2.2.0 (GPFS Pattern type 1.2.5.0) using IBM GPFS V4.1.1.3

Remediation/Fixes

GPFS server or client instances deployed with the affected GPFS Pattern versions are vulnerable. To determine whether deployed GPFS server or client instances are affected by these GPFS security vulnerabilities, run the Get Cluster Status operation ( for a GPFS server instance ) or the GPFS Client Status operation ( for a GPFS client instance ) to verify the version reported for the GPFS nodes.

The solution is to apply one of the following interim fixes:

GPFS 3.5.0.30
http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.0.0.1&platform=All&function=fixId&fixids=update-gpfs-3.5.0.30&includeRequisites=1&includeSupersedes=0

GPFS 4.1.1.5
http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.1.1.0&platform=Linux&function=fixId&fixids=update-gpfs-4.1.1.5&includeRequisites=0&includeSupersedes=0&downloadMethod=http

Workarounds and Mitigations

None

Related

prion 1
ibm 6
nvd 1
cvelist 1
cve 1
prion
prion
Command injection
2016-06-29 01:59:00
ibm
ibm
Security Bulletin: IBM Spectrum Scale is affected by a security vulnerability (CVE-2016-0263)
2018-08-01 21:04:19
Security Bulletin: A security vulnerability has been identified in IBM® General Parallel File System and IBM Spectrum Scale shipped with IBM Smart Analytics System and IBM PureData System for Operational Analytics (CVE-2016-0263)
2019-10-18 03:50:04
Security Bulletin: IBM Spectrum Scale is affected by a security vulnerability (CVE-2016-0263)
2021-06-25 16:46:35
nvd
nvd
CVE-2016-0263
2016-06-29 01:59:03
cvelist
cvelist
CVE-2016-0263
2016-06-29 01:00:00
cve
cve
CVE-2016-0263
2016-06-29 01:59:03

EPSS

0

Percentile

5.1%

JSON
Related for 607EE52AC749BBCD4D0F303C52ADB0EEB388E53B740AF4A3C532F58014B942CF
prion1ibm6nvd1cvelist1cve1