Privilege Escalation via Crafted Environment Variables in IBM Spectrum Scale and GPFS

Privilege Escalation via Crafted Environment Variables in IBM Spectrum Scale and GPFS

CVE-2016-2985 · MEDIUM Severity

AV:L/AC:M/AU:N/C:C/I:C/A:C

IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program.

Learn more about our User Device Pen Test.