CVE Vulnerabilities

CVE-2016-2985

Published: Nov 25, 2016 | Modified: Nov 28, 2016
CVSS 3.x
7
HIGH
Source:
NVD
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.9 MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program.

Affected Software

Name Vendor Start Version End Version
Spectrum_scale Ibm 4.1.1.0 (including) 4.1.1.0 (including)
Spectrum_scale Ibm 4.1.1.1 (including) 4.1.1.1 (including)
Spectrum_scale Ibm 4.1.1.2 (including) 4.1.1.2 (including)
Spectrum_scale Ibm 4.1.1.3 (including) 4.1.1.3 (including)
Spectrum_scale Ibm 4.1.1.4 (including) 4.1.1.4 (including)
Spectrum_scale Ibm 4.1.1.5 (including) 4.1.1.5 (including)
Spectrum_scale Ibm 4.1.1.6 (including) 4.1.1.6 (including)
Spectrum_scale Ibm 4.1.1.7 (including) 4.1.1.7 (including)
Spectrum_scale Ibm 4.1.1.8 (including) 4.1.1.8 (including)
Spectrum_scale Ibm 4.2.0.0 (including) 4.2.0.0 (including)
Spectrum_scale Ibm 4.2.0.1 (including) 4.2.0.1 (including)
Spectrum_scale Ibm 4.2.0.2 (including) 4.2.0.2 (including)
Spectrum_scale Ibm 4.2.0.3 (including) 4.2.0.3 (including)

References