Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM62223126172561462E95BBFAF393AF546A70AE5A2A016177C7A4D14F71FE95DA
HistoryJun 28, 2019 - 4:00 p.m.

Security Bulletin: A vulnerability in OpenSLP affects the IBM FlashSystem models V840 and V9000

2019-06-2816:00:01
www.ibm.com
8

0.008 Low

EPSS

Percentile

81.8%

JSON

Summary

A vulnerability exists in OpenSLP to which the IBM FlashSystem™ V840 and FlashSystem V9000 are susceptible. An exploit of this vulnerability (CVE-2017-17833) could make the system susceptible to a denial of service due to a corruption of heap memory by a remote attacker.

Vulnerability Details

CVEID: CVE-2017-17833 DESCRIPTION: OpenSLP, as used in multiple products, is vulnerable to a denial of service. A remote attacker could exploit this vulnerability to corrupt the heap memory and cause a denial of service.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142087&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Storage Node machine type and models (MTMs) affected:

  • 9846-AE1 and 9848-AE1
  • 9846-AE2 and 9848-AE2
  • 9846-AE3 and 9848-AE3

Controller Node MTMs affected:

  • 9846-AC0 and 9848-AC0
  • 9846-AC1 and 9848-AC1
  • 9846-AC2 and 9848-AC2
  • 9846-AC3 and 9848-AC3

Supported storage node code versions which are affected

  • VRMFs prior to 1.4.8.2
  • VRMFs prior to 1.5.2.5
  • VRMFs prior to 1.6.1.0

Supported controller node code versions which are affected
· VRMFs prior to 7.8.1.8
· VRMFs prior to 8.1.3.4
· VRMFs prior to 8.2.0.2

Remediation/Fixes

MTMs

| VRMF | APAR | Remediation/First Fix
—|—|—|—
Storage nodes:
9846-AE1, 9848-AE1, 9846-AE2, 9848-AE2, 9846-AE3, & 9848-AE3

Controller nodes:
9846-AC0, 9846-AC1, 9848-AC0, 9848-AC1, 9846-AC2, 9848-AC2, 9846-AC3, & 9848-AC3 |

Code fixes are now available, the minimum VRMF containing the fix depends on the code stream:_ _

__Fixed Code VRMF __
1.6 stream: 1.6.1.0

1.5 stream: 1.5.2.5
1.4 stream: 1.4.8.2

__Controller Node VRMF __
8.2 stream: 8.2.0.2

8.1 stream: 8.1.3.4
7.8 stream: 7.8.1.8

| N/A | FlashSystem V840 fixesor FlashSystem V9000 fixes for storage and controller nodeare available @ IBM’s Fix Central

Workarounds and Mitigations

None.

Related

centos 2
fedora 1
prion 1
ibm 10
cve 2
nessus 27
openvas 17
osv 2
lenovo 2
oraclelinux 2
cvelist 1
mageia 1
debian 2
suse 2
veracode 1
f5 1
amazon 1
ubuntucve 1
nvd 2
redhatcve 2
redhat 2
ubuntu 1
gentoo 1
centos
centos
openslp security update
2018-08-09 15:08:57
openslp security update
2018-07-25 16:10:16
fedora
fedora
[SECURITY] Fedora 28 Update: openslp-2.0.0-18.fc28
2018-07-19 18:06:13
prion
prion
Remote code execution
2018-04-23 18:29:00
ibm
ibm
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in OpenSLP (CVE-2017-17833)
2023-04-14 14:32:25
Security Bulletin: IBM NeXtScale Fan Power Controller (FPC) is affected by OpenSLP vulnerability (CVE-2017-17833)
2019-01-31 02:40:01
Security Bulletin: A vulnerability in OpenSLP affects PowerKVM
2018-12-17 14:25:02
cve
cve
CVE-2017-17833
2018-04-23 18:29:00
CVE-2018-12938
2018-06-28 23:29:00
nessus
nessus
Debian DLA-1364-1 : openslp-dfsg security update
2018-04-26 00:00:00
Scientific Linux Security Update : openslp on SL7.x x86_64 (20180723)
2018-07-24 00:00:00
NewStart CGSL MAIN 4.05 : openslp Vulnerability (NS-SA-2019-0128)
2019-08-12 00:00:00
openvas
openvas
Fedora Update for openslp FEDORA-2018-05acd3c734
2018-07-20 00:00:00
Debian: Security Advisory (DLA-1364-1)
2018-04-26 00:00:00
openSUSE: Security Advisory for openslp (openSUSE-SU-2018:1958-1)
2018-10-26 00:00:00
osv
osv
openslp-dfsg - security update
2018-04-25 00:00:00
openslp-dfsg - security update
2019-12-08 00:00:00
lenovo
lenovo
OpenSLP Heap Memory Corruption - Lenovo Support US
2019-01-12 21:23:09
OpenSLP Heap Memory Corruption - US
2018-04-26 15:03:00
oraclelinux
oraclelinux
openslp security update
2018-07-31 00:00:00
openslp security update
2018-07-23 00:00:00
cvelist
cvelist
CVE-2017-17833
2018-04-23 18:00:00
mageia
mageia
Updated openslp packages fix security vulnerability
2018-08-18 01:27:23
debian
debian
[SECURITY] [DLA 1364-1] openslp-dfsg security update
2018-04-25 20:20:59
[SECURITY] [DLA 2025-1] openslp-dfsg security update
2019-12-08 12:51:22
suse
suse
Security update for openslp (important)
2018-09-24 12:11:41
Security update for openslp (important)
2018-07-14 03:08:08
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 09:24:30
f5
f5
K13314257 : slpd vulnerability CVE-2017-17833
2018-09-26 00:00:00
amazon
amazon
Important: openslp
2018-08-21 17:11:00
ubuntucve
ubuntucve
CVE-2017-17833
2018-04-23 00:00:00
nvd
nvd
CVE-2017-17833
2018-04-23 18:29:00
CVE-2018-12938
2018-06-28 23:29:00
redhatcve
redhatcve
CVE-2017-17833
2018-04-26 10:18:40
CVE-2018-12938
2018-06-29 04:22:04
redhat
redhat
(RHSA-2018:2240) Important: openslp security update
2018-07-23 13:12:36
(RHSA-2018:2308) Important: openslp security update
2018-07-31 17:16:30
ubuntu
ubuntu
OpenSLP vulnerabilities
2018-07-09 00:00:00
gentoo
gentoo
OpenSLP: Multiple vulnerabilities
2020-05-14 00:00:00

0.008 Low

EPSS

Percentile

81.8%

JSON
Related for 62223126172561462E95BBFAF393AF546A70AE5A2A016177C7A4D14F71FE95DA
centos2fedora1prion1ibm10cve2nessus27openvas17osv2lenovo2oraclelinux2cvelist1mageia1debian2suse2veracode1f51amazon1ubuntucve1nvd2redhatcve2redhat2ubuntu1gentoo1