PT-2015-1311 · Ibm · Ibm General Parallel File System
Felix Wilhelm
+1
·
Published
2015-03-23
·
Updated
2016-12-31
·
CVE-2015-0198
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
IBM General Parallel File System (GPFS) versions 3.4 before 3.4.0.32
IBM General Parallel File System (GPFS) versions 3.5 before 3.5.0.24
IBM General Parallel File System (GPFS) versions 4.1 before 4.1.0.7
Description
The issue is related to insufficient authentication of network packets when the cipherList configuration parameter is set. This can be exploited by a remote attacker to execute applications with administrator privileges.
Recommendations
For IBM General Parallel File System (GPFS) versions 3.4 before 3.4.0.32, update to version 3.4.0.32 or later.
For IBM General Parallel File System (GPFS) versions 3.5 before 3.5.0.24, update to version 3.5.0.24 or later.
For IBM General Parallel File System (GPFS) versions 4.1 before 4.1.0.7, update to version 4.1.0.7 or later.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm General Parallel File System