CVE-2016-0392
HIGH
IBM Elastic Storage Server 2.5.x-2.5.5, 3.x < 3.5.5, 4.x < 4.0.3 - Privilege Escalation via Setuid Program Parameter
Title source: llm
Description
IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a setuid program.
References (6)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/91082
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/137373/IBM-GPFS-Spectrum-Scale-Command-Injection.html
Various Sources vendor-advisory
x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IV84206
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036458
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/538620/100/0/threaded
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1005875
Scores
CVSS v3: 8.4
EPSS: 0.0050
EPSS Percentile: 39.1%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-284
Status: published
Products (28)
ibm/elastic_storage_server 2.5.0
ibm/elastic_storage_server 2.5.1
ibm/elastic_storage_server 2.5.2
ibm/elastic_storage_server 2.5.3
ibm/elastic_storage_server 2.5.4
ibm/elastic_storage_server 2.5.5
ibm/elastic_storage_server 3.0.0
ibm/elastic_storage_server 3.0.1
ibm/elastic_storage_server 3.0.2
ibm/elastic_storage_server 3.0.3
... and 18 more
Published: Jun 19, 2016
Tracked Since: Feb 18, 2026