IBM General Parallel File System CVE-2015-4974 Local Unspecified Command Execution Vulnerability

IBM General Parallel File System is prone to a local unspecified command-execution vulnerability.

A local attacker can exploit this issue to execute arbitrary commands with root privileges. Successful exploits may compromise the affected computer.

Information

Bugtraq ID: 77025
Class: Design Error
CVE: CVE-2015-4974

Remote: No
Local: Yes
Published: Sep 17 2015 12:00AM
Updated: Oct 10 2018 11:00AM
Credit: IBM
Vulnerable: IBM Storwize V7000 Unified 1.5.2.1
IBM Storwize V7000 Unified 1.5.2.0
IBM Storwize V7000 Unified 1.5.1.3
IBM Storwize V7000 Unified 1.5.1.0
IBM Storwize V7000 Unified 1.5.0.2
IBM Storwize V7000 Unified 1.5.0.1
IBM Storwize V7000 Unified 1.5.0.0
IBM Spectrum Scale 4.1.1.1
IBM Spectrum Scale 4.1.1.0
IBM SONAS 1.5.2.1
IBM SONAS 1.5.2.0
IBM SONAS 1.5.1.3
IBM SONAS 1.5.1.0
IBM SONAS 1.5.0.2
IBM SONAS 1.5.0.1
IBM SONAS 1.5.0.0
IBM Smart Analytics System 5600 V3 9.7
IBM Smart Analytics System 5600 V3 10.1
IBM GPFS Storage Server 2.0.4
IBM GPFS Storage Server 2.0.3
IBM GPFS Storage Server 2.0.2
IBM GPFS Storage Server 2.0.1
IBM GPFS Storage Server 2.5
IBM GPFS Storage Server 2.0
IBM General Parallel File System(GPFS) 4.1
IBM General Parallel File System(GPFS) 4.1.0.8
IBM General Parallel File System(GPFS) 4.1.0.7
IBM General Parallel File System(GPFS) 4.1.0.6
IBM General Parallel File System(GPFS) 3.5.0.24
IBM General Parallel File System(GPFS) 3.5.0.23
IBM General Parallel File System (GPFS) 4.1.0.5
IBM General Parallel File System (GPFS) 4.1.0.4
IBM General Parallel File System (GPFS) 4.1.0.3
IBM General Parallel File System (GPFS) 4.1.0.2
IBM General Parallel File System (GPFS) 4.1.0.1
IBM General Parallel File System (GPFS) 3.5.0.6
IBM General Parallel File System (GPFS) 3.5.0.5
IBM General Parallel File System (GPFS) 3.5.0.4
IBM General Parallel File System (GPFS) 3.5.0.3
IBM General Parallel File System (GPFS) 3.5.0.26
IBM General Parallel File System (GPFS) 3.5.0.25
IBM General Parallel File System (GPFS) 3.5.0.24
IBM General Parallel File System (GPFS) 3.5.0.22
IBM General Parallel File System (GPFS) 3.5.0.21
IBM General Parallel File System (GPFS) 3.5.0.20
IBM General Parallel File System (GPFS) 3.5.0.2
IBM General Parallel File System (GPFS) 3.5.0.19
IBM General Parallel File System (GPFS) 3.5.0.18
IBM General Parallel File System (GPFS) 3.5.0.17
IBM General Parallel File System (GPFS) 3.5.0.16
IBM General Parallel File System (GPFS) 3.5.0.15
IBM General Parallel File System (GPFS) 3.5.0.14
IBM General Parallel File System (GPFS) 3.5.0.13
IBM General Parallel File System (GPFS) 3.5.0.12
IBM General Parallel File System (GPFS) 3.5.0.11
IBM General Parallel File System (GPFS) 3.5.0.1
IBM General Parallel File System (GPFS) 3.5.0
IBM Elastic Storage Server 3.0.2
IBM Elastic Storage Server 3.0.1
IBM Elastic Storage Server 2.5.2
IBM Elastic Storage Server 3.0
IBM Elastic Storage Server 2.5
IBM DB2 Workgroup Server Edition 10.5
IBM DB2 Workgroup Server Edition 10.1
IBM DB2 Express Edition 10.5
IBM DB2 Express Edition 10.1
IBM DB2 Enterprise Server Edition 10.5
IBM DB2 Enterprise Server Edition 10.1
IBM DB2 Connect Unlimited Edition for System z 10.5
IBM DB2 Connect Unlimited Edition for System z 10.1
IBM DB2 Connect Unlimited Edition for System i 10.5
IBM DB2 Connect Unlimited Edition for System i 10.1
IBM DB2 Connect Enterprise Edition 10.5
IBM DB2 Connect Enterprise Edition 10.1
IBM DB2 Connect Application Server Edition 10.5
IBM DB2 Connect Application Server Edition 10.1
IBM DB2 Advanced Workgroup Server Edition 10.5
IBM DB2 Advanced Workgroup Server Edition 10.1
IBM DB2 Advanced Enterprise Server Edition 10.5
IBM DB2 Advanced Enterprise Server Edition 10.1

Not Vulnerable: IBM Storwize V7000 Unified 1.5.2.2
IBM Spectrum Scale 4.1.1.2
IBM SONAS 1.5.2.2
IBM GPFS Storage Server 2.0.6
IBM General Parallel File System (GPFS) 4.1.1.2
IBM General Parallel File System (GPFS) 3.5.0.27
IBM Elastic Storage Server 3.0.4
IBM Elastic Storage Server 2.5.4

Exploit

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: http://.

References:

• General Parallel File System Homepage (IBM)
  
• Advisory ID isg3T1022637 : Security Bulletin: IBM Spectrum Scale and IBM GPFS ar (IBM)
  
• Advisory ID: ssg1S1005366 - IBM Spectrum Scale and IBM GPFS are affected by secu (IBM)
  
• IBM Advisory swg21969198 (IBM)
  
• isg3T1022797: The Elastic Storage Server and the GPFS Storage Server are affecte (IBM)
  
• ssg1S1005425: GPFS security vulnerabilities in IBM SONAS (CVE-2015-4974 and CVE- (IBM)
  
• ssg1S1005429:GPFS security vulnerabilities in IBM Storwize V7000 Unified (CVE-20 (ibm)
  

Source: www.securityfocus.com