Hi

I took a look at the "Readme and Release notes for release 5.0.4.3 IBM Spectrum Scale 5.0.4.3 Spectrum_Scale_Data_Management-5.0.4.3-x86_64-Linux Readme" But I did not find the entry which mentioned the "For IBM Spectrum Scale V5.0.0.0 through V5.0.4.1, reference APAR IJ23438" APAR number which is mentioned on the "Security Bulletin: A vulnerability has been identified in IBM Spectrum Scale where an unprivileged user could execute commands as root ( CVE-2020-4273)" page.

shouldn't it be mentioned there?

Stephan


On 22.04.2020 at 10:19, Jaime Pinto wrote:
In case you missed (the forum has been pretty quiet about this one), CVE-2020-4273 had an update yesterday:

https://www.ibm.com/support/pages/node/6151701?myns=s033&mynp=OCSTXKQY&mync=E&cm_sp=s033-_-OCSTXKQY-_-E

If you can't do the upgrade now, at least apply the mitigation to the client nodes generally exposed to unprivileged users:

Check the setuid bit:
ls -l /usr/lpp/mmfs/bin | grep r-s | awk '{system("ls -l /usr/lpp/mmfs/bin/"$9)}'

Apply the mitigation:
ls -l /usr/lpp/mmfs/bin | grep r-s | awk '{system("chmod u-s /usr/lpp/mmfs/bin/"$9)}'

Verification:
ls -l /usr/lpp/mmfs/bin | grep r-s | awk '{system("ls -l /usr/lpp/mmfs/bin/"$9)}'

All the best
Jaime

          ************************************
          TELL US ABOUT YOUR SUCCESS STORIES
          http://www.scinethpc.ca/testimonials
          ************************************
---
Jaime Pinto - Storage Analyst
SciNet HPC Consortium - Compute/Calcul Canada
www.scinet.utoronto.ca - www.computecanada.ca
University of Toronto
661 University Ave. (MaRS), Suite 1140
Toronto, ON, M5G1M1
P: 416-978-2755
C: 416-505-1477
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
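The following is an added example, not part of Jaime's post or of IBM's guidance, that carries out the same three steps (inventory the setuid binaries, strip the bit, verify) with `find -perm -4000` instead of grepping `ls -l` output; `find -perm` matches every setuid mode regardless of how `ls` renders it (a 4755 file shows as `rws`, not `r-s`), and the script keeps a record of what it changed so the bits can be restored with `chmod u+s` after the node is patched. The path `/usr/lpp/mmfs/bin` comes from the post; the script defaults to a constructed sandbox directory with made-up file names so it can be run offline first.

```shell
#!/bin/sh
# Added example: inventory, strip and verify setuid bits in a directory.
# BIN_DIR defaults to a constructed sandbox; on a real node you would set
# BIN_DIR=/usr/lpp/mmfs/bin (path from the post) and run as root.
set -u

# list_setuid DIR: print every regular file directly under DIR with the setuid bit set
list_setuid() {
    find "$1" -maxdepth 1 -type f -perm -4000 -print | sort
}

# count_setuid DIR: number of setuid files directly under DIR
count_setuid() {
    find "$1" -maxdepth 1 -type f -perm -4000 -print | wc -l | tr -d ' '
}

# strip_setuid DIR RECORD: append each setuid file's path to RECORD, then clear the bit.
# RECORD is what you feed to "xargs chmod u+s" to revert after upgrading.
strip_setuid() {
    dir=$1; record=$2
    : > "$record"
    find "$dir" -maxdepth 1 -type f -perm -4000 -print | sort | while read -r f; do
        printf '%s\n' "$f" >> "$record"
        chmod u-s "$f"
    done
}

# verify_none DIR: status 0 if no setuid files remain, 1 otherwise
verify_none() {
    [ -z "$(find "$1" -maxdepth 1 -type f -perm -4000 -print)" ]
}

# make_sandbox: constructed stand-in for a bin directory (hypothetical names); prints its path
make_sandbox() {
    d=$(mktemp -d)
    printf '#!/bin/sh\n' > "$d/mmtool_a"; chmod 4755 "$d/mmtool_a"   # rws: not matched by grep r-s
    printf '#!/bin/sh\n' > "$d/mmtool_b"; chmod 4555 "$d/mmtool_b"   # r-s
    printf '#!/bin/sh\n' > "$d/mmtool_c"; chmod 0755 "$d/mmtool_c"   # no setuid bit
    echo "$d"
}

# Demo run against the sandbox (BIN_DIR may be overridden from the environment)
BIN_DIR=${BIN_DIR:-$(make_sandbox)}
echo "setuid files before:"; list_setuid "$BIN_DIR"
strip_setuid "$BIN_DIR" "$BIN_DIR/setuid.record"
echo "setuid files after:"; list_setuid "$BIN_DIR"
if verify_none "$BIN_DIR"; then
    echo "mitigation applied; paths recorded in $BIN_DIR/setuid.record"
else
    echo "setuid files remain in $BIN_DIR" >&2
fi
```

The record file is the piece the one-liners in the post leave out: once the fixed release is installed, `xargs chmod u+s < setuid.record` puts the bits back only on the files that actually had them, instead of guessing from a fresh `ls -l`.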


