CERTA-2004-AVI-355
Vulnerability from certfr_avis - Published: 2004-10-22 - Updated: 2004-10-22
Une vulnérabilité dans un des composants de IBM RSCT (Reliable Scalable Cluster Technology) permet à un utilisateur mal intentionné de détruire ou modifier des fichiers arbitraires ainsi que de réaliser un déni de service sur le système affecté.
Description
IBM RSCT (Reliable Scalable Cluster Technology) est une technologie permettant la réalisation de clusters. Le programme ctstrtcasd présente une vulnérabilité qui permet à un utilisateur mal intentionné de détruire ou modifier des fichiers arbitraires ainsi que de réaliser un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur (cf. section Documentation) pour l'obtention des correctifs.
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | IBM General Parallel File System (GPFS) version 2 release 2 sur Linux pour xSeries et Linux pour pSeries. | ||
| IBM | N/A | IBM Hardware Management Console (HMC) pour iSeries version 4 ; | ||
| IBM | AIX | IBM AIX 5L versions 5.2 et 5.3 sur une partition i5/OS (iSeries) ; | ||
| IBM | Tivoli | IBM Tivoli System Automation (TSA) pour Multiplatforms 1.2 ; | ||
| IBM | N/A | IBM Hardware Management Console (HMC) pour pSeries version 4 ; | ||
| IBM | N/A | IBM Hardware Management Console (HMC) pour pSeries version 3 ; | ||
| IBM | AIX | IBM AIX 5L versions 5.2 et 5.3 sur pSeries ; | ||
| IBM | Tivoli | IBM Tivoli System Automation (TSA) pour Linux 1.1 ; | ||
| IBM | N/A | IBM Cluster Systems Management (CSM) pour Linux versions 1.4 et supérieures ; |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM General Parallel File System (GPFS) version 2 release 2 sur Linux pour xSeries et Linux pour pSeries.",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Hardware Management Console (HMC) pour iSeries version 4 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM AIX 5L versions 5.2 et 5.3 sur une partition i5/OS (iSeries) ;",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Tivoli System Automation (TSA) pour Multiplatforms 1.2 ;",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Hardware Management Console (HMC) pour pSeries version 4 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Hardware Management Console (HMC) pour pSeries version 3 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM AIX 5L versions 5.2 et 5.3 sur pSeries ;",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Tivoli System Automation (TSA) pour Linux 1.1 ;",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cluster Systems Management (CSM) pour Linux versions 1.4 et sup\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nIBM RSCT (Reliable Scalable Cluster Technology) est une technologie\npermettant la r\u00e9alisation de clusters. Le programme ctstrtcasd pr\u00e9sente\nune vuln\u00e9rabilit\u00e9 qui permet \u00e0 un utilisateur mal intentionn\u00e9 de\nd\u00e9truire ou modifier des fichiers arbitraires ainsi que de r\u00e9aliser un\nd\u00e9ni de service.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section\nDocumentation) pour l\u0027obtention des correctifs.\n",
"cves": [],
"initial_release_date": "2004-10-22T00:00:00",
"last_revision_date": "2004-10-22T00:00:00",
"links": [],
"reference": "CERTA-2004-AVI-355",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2004-10-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans un des composants de IBM RSCT (Reliable Scalable\nCluster Technology) permet \u00e0 un utilisateur mal intentionn\u00e9 de d\u00e9truire\nou modifier des fichiers arbitraires ainsi que de r\u00e9aliser un d\u00e9ni de\nservice sur le syst\u00e8me affect\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 de IBM RSCT",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM MSS-OAR-E01-2004:1654.1",
"url": "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.1654.1"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…