PowerKVM is affected by multiple vulnerabilities in ppc64-diag and powerpc-utils.
CVEID: CVE-2014-4038**
DESCRIPTION:** ppc64-diag could allow a local attacker to launch a symlink attack. lpd_ela_test.sh creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/93852 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P)
CVEID: CVE-2014-4039**
DESCRIPTION:** ppc64-diag could allow a local attacker to obtain sensitive information, caused by the setting of 0755 permissions for the snapH.tar.gz archive. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 2.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/93853 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2014-4040**
DESCRIPTION:** powerpc-utils could allow a remote attacker to obtain sensitive information, caused by the production of an archive with fstab and yaboot.conf files potentially containing cleartext passwords by snap. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/93943 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
PowerKVM 2.1
Fix is made available via Fix Central (https://ibm.biz/BdEnT8) in 2.1.1 SP2 (build 51) and all later builds and fix packs. For systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions. Customers can also update from 2.1.1 (GA and later levels) by using “yum update”.
none