Vulnerability Details : CVE-2016-0392
IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a setuid program.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2016-0392
- cpe:2.3:a:ibm:general_parallel_file_system_storage_server:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system_storage_server:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system_storage_server:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system_storage_server:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system_storage_server:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system_storage_server:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system_storage_server:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:general_parallel_file_system_storage_server:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:elastic_storage_server:3.5.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-0392
- 0.11%: Probability of exploitation activity in the next 30 days
- ~44%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-0392
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
8.4 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.5 | 5.9 | NIST | |
CWE ids for CVE-2016-0392
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-0392
- http://www-01.ibm.com/support/docview.wss?uid=swg1IV84206
  IBM notice: The page you requested cannot be displayed
- http://packetstormsecurity.com/files/137373/IBM-GPFS-Spectrum-Scale-Command-Injection.html
  IBM GPFS / Spectrum Scale Command Injection ≈ Packet Storm
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005875
  IBM Security Bulletin: The Elastic Storage Server and the GPFS Storage Server are affected by a vulnerability in IBM Spectrum Scale (CVE-2016-0392) (Vendor Advisory)
- http://www.securityfocus.com/bid/91082
  IBM Spectrum Scale and GPFS CVE-2016-0392 Local Command Injection Vulnerability
- http://www.securityfocus.com/archive/1/538620/100/0/threaded
  SecurityFocus
- http://www.securitytracker.com/id/1036458
  IBM DB2 LUW GPFS Bugs Let Local Users Deny Service and Obtain Root Privileges - SecurityTracker