IBM General Parallel File System 3.4 < 3.4.0.27 / 3.5 < 3.5.0.16 DoS (RHEL)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

A clustered file system on the remote host is affected by a denial of
service vulnerability.

Description :

A version of IBM General Parallel File System (GPFS) 3.4 prior to
3.4.0.27 or 3.5 prior to 3.5.0.16 is installed on the remote host. It
is, therefore, affected by a denial of service vulnerability. An
authenticated, non-root attacker can exploit this vulnerability by
passing certain arguments to 'setuid' commands, potentially causing the
GPFS daemon to crash.

See also :

http://www.nessus.org/u?5a45ae87
http://www-01.ibm.com/support/docview.wss?uid=isg3T1020542

Solution :

Upgrade to GPFS 3.4.0.27 / 3.5.0.16 or later.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score : 3.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 72506

Bugtraq ID: 65297

CVE ID: CVE-2014-0834