IBM Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem model V840
There are vulnerabilities in OpenSSH to which the IBM® FlashSystem™ V840 is susceptible. An exploit of these vulnerabilities (CVE-2015-6563 and CVE-2015-6564) could allow a remote attacker to bypass security restrictions to gain elevated privileges or conduct an impersonation attack.
CVE(s): CVE-2015-6563, CVE-2015-6564
Affected product(s) and affected version(s):
Affected Products and Versions of FlashSystem V840’s two node types
Storage Node
· Machine Type Models (MTMs) affected include 9846-AE1 and 9848-AE1
· Code versions affected include supported VRMFs:
o 1.3.0.0 – 1.3.0.6
· Code streams NOT affected:
o 1.4 stream
Controller Node
· MTMs affected include 9846-AC0, 9848-AC0, 9846-AC1, and 9848-AC1
· Code streams NOT affected:
· 7.6, 7.7, and 7.8 code streams were NOT affected
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2nZmXn4
X-Force Database: http://ift.tt/2bZYLgC
X-Force Database: http://ift.tt/2c8Vyh9
The post IBM Security Bulletin: Vulnerabilities in OpenSSH affect the IBM FlashSystem model V840 appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2oUGcTv