Unzip is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs.
CVEID: CVE-2014-8139
DESCRIPTION: Info-ZIP UnZip is vulnerable to a heap-based buffer overflow, caused by improper bounds checking within the CRC32 verification. A lo
CVSS Base Score: 4.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99371> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2014-8140
DESCRIPTION: Info-ZIP UnZip is vulnerable to a buffer overflow, caused by improper bounds checking by the test_compr_eb() function. A local attac
CVSS Base Score: 4.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99372> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2014-8141
DESCRIPTION: Info-ZIP UnZip is vulnerable to a buffer overflow, caused by improper bounds checking by the getZip64Data() function. A local attack
CVSS Base Score: 4.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99373> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
CVEID: CVE-2014-9636
DESCRIPTION: Info-ZIP unzip is vulnerable to a denial of service, caused by an out-of-bound access in extract.c. By persuading a victim to open a specially-crafted zip file, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 1.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100264> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:N/A:P)
Power HMC V7.7.3.0
Power HMC V7.7.8.0
Power HMC V7.7.9.0
Power HMC V8.1.0.0
Power HMC V8.2.0.0
Power HMC V8.3.0.0
The following fixes are available on IBM Fix Central at: http://www-933.ibm.com/support/fixcentral/
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
Power HMC | V7.7.3.0 SP7 | MB03923 | Apply eFix MH01535 |
Power HMC | V7.7.8.0 SP2 | MB03924 | Apply eFix MH01536 |
Power HMC | V7.7.9.0 SP2 | MB03925 | Apply eFix MH01537 |
Power HMC | V8.8.1.0 SP2 | MB03920 | Apply eFix MH01532 |
Power HMC | V8.8.2.0 SP1 | MB03926 | Apply eFix MH01538 |
Power HMC | V8.8.3.0 | MB03927 | Apply eFix MH01539 |
Note:
1. For unsupported releases IBM recommends upgrading to a fixed, supported release of the product.
2. After applying the PTF, you should restart the HMC.
3. HMC V7.7.3 support is extended only for managing the Power 775 (9125-F2C) also called “PERCS” and “IH”. End Of Service date for managing all other server models was 2013.05.31.
None
CPE | Name | Operator | Version |
---|---|---|---|
power system hardware management console physical appliance | eq | any |