CVE-2016-2984
First published: Fri Nov 25 2016(Updated: )
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Spectrum Scale | =4.1.1.0 | |
| IBM Spectrum Scale | =4.1.1.1 | |
| IBM Spectrum Scale | =4.1.1.2 | |
| IBM Spectrum Scale | =4.1.1.3 | |
| IBM Spectrum Scale | =4.1.1.4 | |
| IBM Spectrum Scale | =4.1.1.5 | |
| IBM Spectrum Scale | =4.1.1.6 | |
| IBM Spectrum Scale | =4.1.1.7 | |
| IBM Spectrum Scale | =4.1.1.8 | |
| IBM Spectrum Scale | =4.2.0.0 | |
| IBM Spectrum Scale | =4.2.0.1 | |
| IBM Spectrum Scale | =4.2.0.2 | |
| IBM Spectrum Scale | =4.2.0.3 | |
| IBM General Parallel File System Storage Server | =3.5.0.0 | |
| IBM General Parallel File System Storage Server | =3.5.0.1 | |
| IBM General Parallel File System Storage Server | =3.5.0.2 | |
| IBM General Parallel File System Storage Server | =3.5.0.3 | |
| IBM General Parallel File System Storage Server | =3.5.0.4 | |
| IBM General Parallel File System Storage Server | =3.5.0.5 | |
| IBM General Parallel File System Storage Server | =3.5.0.6 | |
| IBM General Parallel File System Storage Server | =3.5.0.7 | |
| IBM General Parallel File System Storage Server | =3.5.0.8 | |
| IBM General Parallel File System Storage Server | =3.5.0.9 | |
| IBM General Parallel File System Storage Server | =3.5.0.10 | |
| IBM General Parallel File System Storage Server | =3.5.0.11 | |
| IBM General Parallel File System Storage Server | =3.5.0.12 | |
| IBM General Parallel File System Storage Server | =3.5.0.13 | |
| IBM General Parallel File System Storage Server | =3.5.0.14 | |
| IBM General Parallel File System Storage Server | =3.5.0.15 | |
| IBM General Parallel File System Storage Server | =3.5.0.16 | |
| IBM General Parallel File System Storage Server | =3.5.0.17 | |
| IBM General Parallel File System Storage Server | =3.5.0.18 | |
| IBM General Parallel File System Storage Server | =3.5.0.19 | |
| IBM General Parallel File System Storage Server | =3.5.0.20 | |
| IBM General Parallel File System Storage Server | =3.5.0.21 | |
| IBM General Parallel File System Storage Server | =3.5.0.22 | |
| IBM General Parallel File System Storage Server | =3.5.0.23 | |
| IBM General Parallel File System Storage Server | =3.5.0.24 | |
| IBM General Parallel File System Storage Server | =3.5.0.25 | |
| IBM General Parallel File System Storage Server | =3.5.0.26 | |
| IBM General Parallel File System Storage Server | =3.5.0.27 | |
| IBM General Parallel File System Storage Server | =3.5.0.28 | |
| IBM General Parallel File System Storage Server | =3.5.0.29 | |
| IBM General Parallel File System Storage Server | =3.5.0.30 | |
| IBM General Parallel File System Storage Server | =3.5.0.31 | |
| IBM General Parallel File System Storage Server | =4.1.0.0 | |
| IBM General Parallel File System Storage Server | =4.1.0.1 | |
| IBM General Parallel File System Storage Server | =4.1.0.2 | |
| IBM General Parallel File System Storage Server | =4.1.0.3 | |
| IBM General Parallel File System Storage Server | =4.1.0.4 | |
| IBM General Parallel File System Storage Server | =4.1.0.5 | |
| IBM General Parallel File System Storage Server | =4.1.0.6 | |
| IBM General Parallel File System Storage Server | =4.1.0.7 | |
| IBM General Parallel File System Storage Server | =4.1.0.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-2984?
CVE-2016-2984 has a medium severity rating, allowing local users to escalate privileges.
How do I fix CVE-2016-2984?
To fix CVE-2016-2984, upgrade IBM Spectrum Scale to version 4.1.1.8 or higher, or 4.2.0.4 or higher.
Which versions are affected by CVE-2016-2984?
CVE-2016-2984 affects IBM Spectrum Scale versions before 4.1.1.8 and 4.2.x before 4.2.0.4, as well as GPFS versions before 3.5.0.32.
Who is impacted by CVE-2016-2984?
Local users of the affected IBM Spectrum Scale and GPFS versions are most impacted by CVE-2016-2984.
What type of vulnerability is CVE-2016-2984?
CVE-2016-2984 is a privilege escalation vulnerability that can be exploited through crafted command-line parameters.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ibm
- canonical/ibm spectrum scale
- version/ibm spectrum scale/4.1.1.0
- version/ibm spectrum scale/4.1.1.1
- version/ibm spectrum scale/4.1.1.2
- version/ibm spectrum scale/4.1.1.3
- version/ibm spectrum scale/4.1.1.4
- version/ibm spectrum scale/4.1.1.5
- version/ibm spectrum scale/4.1.1.6
- version/ibm spectrum scale/4.1.1.7
- version/ibm spectrum scale/4.1.1.8
- version/ibm spectrum scale/4.2.0.0
- version/ibm spectrum scale/4.2.0.1
- version/ibm spectrum scale/4.2.0.2
- version/ibm spectrum scale/4.2.0.3
- canonical/ibm general parallel file system storage server
- version/ibm general parallel file system storage server/3.5.0.0
- version/ibm general parallel file system storage server/3.5.0.1
- version/ibm general parallel file system storage server/3.5.0.2
- version/ibm general parallel file system storage server/3.5.0.3
- version/ibm general parallel file system storage server/3.5.0.4
- version/ibm general parallel file system storage server/3.5.0.5
- version/ibm general parallel file system storage server/3.5.0.6
- version/ibm general parallel file system storage server/3.5.0.7
- version/ibm general parallel file system storage server/3.5.0.8
- version/ibm general parallel file system storage server/3.5.0.9
- version/ibm general parallel file system storage server/3.5.0.10
- version/ibm general parallel file system storage server/3.5.0.11
- version/ibm general parallel file system storage server/3.5.0.12
- version/ibm general parallel file system storage server/3.5.0.13
- version/ibm general parallel file system storage server/3.5.0.14
- version/ibm general parallel file system storage server/3.5.0.15
- version/ibm general parallel file system storage server/3.5.0.16
- version/ibm general parallel file system storage server/3.5.0.17
- version/ibm general parallel file system storage server/3.5.0.18
- version/ibm general parallel file system storage server/3.5.0.19
- version/ibm general parallel file system storage server/3.5.0.20
- version/ibm general parallel file system storage server/3.5.0.21
- version/ibm general parallel file system storage server/3.5.0.22
- version/ibm general parallel file system storage server/3.5.0.23
- version/ibm general parallel file system storage server/3.5.0.24
- version/ibm general parallel file system storage server/3.5.0.25
- version/ibm general parallel file system storage server/3.5.0.26
- version/ibm general parallel file system storage server/3.5.0.27
- version/ibm general parallel file system storage server/3.5.0.28
- version/ibm general parallel file system storage server/3.5.0.29
- version/ibm general parallel file system storage server/3.5.0.30
- version/ibm general parallel file system storage server/3.5.0.31
- version/ibm general parallel file system storage server/4.1.0.0
- version/ibm general parallel file system storage server/4.1.0.1
- version/ibm general parallel file system storage server/4.1.0.2
- version/ibm general parallel file system storage server/4.1.0.3
- version/ibm general parallel file system storage server/4.1.0.4
- version/ibm general parallel file system storage server/4.1.0.5
- version/ibm general parallel file system storage server/4.1.0.6
- version/ibm general parallel file system storage server/4.1.0.7
- version/ibm general parallel file system storage server/4.1.0.8