Privilege Escalation via Crafted Environment Variables in IBM Spectrum Scale and GPFS
CVE-2016-2985 · MEDIUM Severity
AV:L/AC:M/AU:N/C:C/I:C/A:C
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted environment variables to a /usr/lpp/mmfs/bin/ setuid program.
Learn more about our User Device Pen Test.