IBM General Parallel File System 3.4 < 3.4.0.27 / 3.5 < 3.5.0.16 DoS (RHEL)

medium Nessus Plugin ID 72506

Synopsis

A clustered file system on the remote host is affected by a denial of service vulnerability.

Description

A version of IBM General Parallel File System (GPFS) prior to 3.4.0.27 / 3.5.0.16 is installed on the remote host. It is, therefore, affected by a denial of service vulnerability. An authenticated, non-root attacker can exploit this vulnerability by passing certain arguments to 'setuid' commands, potentially causing the GPFS daemon to crash.

Solution

Upgrade to GPFS 3.4.0.27 / 3.5.0.16 or later.

See Also

http://www.nessus.org/u?89d5f36a

http://www-01.ibm.com/support/docview.wss?uid=isg3T1020542

Plugin Details

Severity: Medium

ID: 72506

File Name: ibm_gpfs_isg3t1020542_rhel.nasl

Version: 1.5

Type: local

Agent: unix

Published: 2/14/2014

Updated: 7/12/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:ibm:general_parallel_file_system

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 1/24/2014

Vulnerability Publication Date: 1/24/2014

Reference Information

CVE: CVE-2014-0834

BID: 65297