IBM General Parallel File System OpenSSH Memory Corruption
High Nessus Plugin ID 76766
SynopsisA clustered file system on the remote host is affected by a memory corruption vulnerability related to OpenSSH.
DescriptionA version of IBM General Parallel File System (GPFS) that is 220.127.116.11 or later but prior to 18.104.22.168 is installed on the remote host. It is, therefore, affected by a memory corruption issue in the bundled version of OpenSSH. The issue exists due to a failure to initialize certain data structures when makefile.inc is modified to enable the J-PAKE protocol. An unauthenticated, remote attacker can exploit this to corrupt memory, resulting in a denial of service condition and potentially the execution of arbitrary code.
SolutionUpgrade to IBM GPFS version 22.214.171.124 or later.