Vulnerability Description
IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a setuid program.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Elastic Storage Server | 2.5.0 |
| Ibm | General Parallel File System Storage Server | 2.0.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/137373/IBM-GPFS-Spectrum-Scale-Command-Inje
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005875Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV84206
- http://www.securityfocus.com/archive/1/538620/100/0/threaded
- http://www.securityfocus.com/bid/91082
- http://www.securitytracker.com/id/1036458
- http://packetstormsecurity.com/files/137373/IBM-GPFS-Spectrum-Scale-Command-Inje
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005875Vendor Advisory
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV84206
- http://www.securityfocus.com/archive/1/538620/100/0/threaded
- http://www.securityfocus.com/bid/91082
- http://www.securitytracker.com/id/1036458
FAQ
What is CVE-2016-0392?
CVE-2016-0392 is a vulnerability with a CVSS score of 8.4 (HIGH). IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Sc...
How severe is CVE-2016-0392?
CVE-2016-0392 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-0392?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Elastic Storage Server, Ibm General Parallel File System Storage Server.