Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMF7EF5327DD498CFA165C7FB1947C20FB19E2FCB07BDA332AE96E1826CF56EACA
HistoryJun 18, 2018 - 1:28 a.m.

Security Bulletin: PowerKVM is affected by ppc64-diag and powerpc-utils vulnerabilities (Multiple CVEs)

2018-06-1801:28:15
www.ibm.com
10

0.002 Low

EPSS

Percentile

62.2%

JSON

Summary

PowerKVM is affected by multiple vulnerabilities in ppc64-diag and powerpc-utils.

Vulnerability Details

CVEID: CVE-2014-4038**
DESCRIPTION:** ppc64-diag could allow a local attacker to launch a symlink attack. lpd_ela_test.sh creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/93852 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P)

CVEID: CVE-2014-4039**
DESCRIPTION:** ppc64-diag could allow a local attacker to obtain sensitive information, caused by the setting of 0755 permissions for the snapH.tar.gz archive. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 2.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/93853 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-4040**
DESCRIPTION:** powerpc-utils could allow a remote attacker to obtain sensitive information, caused by the production of an archive with fstab and yaboot.conf files potentially containing cleartext passwords by snap. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/#/vulnerabilities/93943 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Affected Products and Versions

PowerKVM 2.1

Remediation/Fixes

Fix is made available via Fix Central (https://ibm.biz/BdEnT8) in 2.1.1 SP2 (build 51) and all later builds and fix packs. For systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README&gt; for prerequisite fixes and instructions. Customers can also update from 2.1.1 (GA and later levels) by using “yum update”.

Workarounds and Mitigations

none

CPENameOperatorVersion
powerkvmeq2.1

Related

openvas 6
redhat 3
suse 3
veracode 2
nvd 3
ubuntucve 3
debiancve 3
cve 3
prion 3
cvelist 3
nessus 1
openvas
openvas
openSUSE: Security Advisory for ppc64-diag (openSUSE-SU-2014:0953-2)
2014-08-05 00:00:00
openSUSE: Security Advisory for ppc64-diag (openSUSE-SU-2014:0953-1)
2014-08-05 00:00:00
SUSE: Security Advisory for ppc64-diag (SUSE-SU-2014:0928-1)
2015-10-13 00:00:00
redhat
redhat
(RHSA-2015:1320) Moderate: ppc64-diag security, bug fix and enhancement update
2015-07-22 00:00:00
(RHSA-2015:0383) Moderate: ppc64-diag security, bug fix, and enhancement update
2015-03-05 00:00:00
(RHSA-2015:0384) Low: powerpc-utils security, bug fix, and enhancement update
2015-03-05 00:00:00
suse
suse
ppc64-diag: fix for tmp races and information disclosure (important)
2014-07-30 21:20:51
ppc64-diag: fix for tmp races and information disclosure (important)
2014-07-31 08:19:46
Security update for ppc64-diag (important)
2014-07-23 23:04:53
veracode
veracode
Privilege Escalation
2019-05-02 05:41:01
Arbitrary File Write
2019-01-15 09:06:35
nvd
nvd
CVE-2014-4038
2014-06-17 15:55:06
CVE-2014-4040
2014-06-17 15:55:06
CVE-2014-4039
2014-06-17 15:55:06
ubuntucve
ubuntucve
CVE-2014-4038
2014-06-17 00:00:00
CVE-2014-4040
2014-06-17 00:00:00
CVE-2014-4039
2014-06-17 00:00:00
debiancve
debiancve
CVE-2014-4038
2014-06-17 15:55:06
CVE-2014-4039
2014-06-17 15:55:06
CVE-2014-4040
2014-06-17 15:55:06
cve
cve
CVE-2014-4038
2014-06-17 15:55:06
CVE-2014-4039
2014-06-17 15:55:06
CVE-2014-4040
2014-06-17 15:55:06
prion
prion
Code injection
2014-06-17 15:55:00
Design/Logic Flaw
2014-06-17 15:55:00
Design/Logic Flaw
2014-06-17 15:55:00
cvelist
cvelist
CVE-2014-4038
2014-06-17 15:00:00
CVE-2014-4039
2014-06-17 15:00:00
CVE-2014-4040
2014-06-17 15:00:00
nessus
nessus
RHEL 6 : powerpc-utils (Unpatched Vulnerability)
2024-06-03 00:00:00

0.002 Low

EPSS

Percentile

62.2%

JSON
Related for F7EF5327DD498CFA165C7FB1947C20FB19E2FCB07BDA332AE96E1826CF56EACA
openvas6redhat3suse3veracode2nvd3ubuntucve3debiancve3cve3prion3cvelist3nessus1