CVE-2016-0392

HIGH

IBM Elastic Storage Server 2.5.x-2.5.5, 3.x < 3.5.5, 4.x < 4.0.3 - Privilege Escalation via Setuid Program Parameter

Title source: llm

Description

IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a setuid program.

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/91082
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IV84206
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036458
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/538620/100/0/threaded

Scores

CVSS v3 8.4
EPSS 0.0050
EPSS Percentile 39.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-284
Status published
Products (28)
ibm/elastic_storage_server 2.5.0
ibm/elastic_storage_server 2.5.1
ibm/elastic_storage_server 2.5.2
ibm/elastic_storage_server 2.5.3
ibm/elastic_storage_server 2.5.4
ibm/elastic_storage_server 2.5.5
ibm/elastic_storage_server 3.0.0
ibm/elastic_storage_server 3.0.1
ibm/elastic_storage_server 3.0.2
ibm/elastic_storage_server 3.0.3
... and 18 more
Published Jun 19, 2016
Tracked Since Feb 18, 2026