IBM Security Bulletin: Vulnerabilities in GNU Bash affect the IBM FlashSystem models 840 and 900


The IBM FlashSystem™ 840 and FlashSystem 900 are susceptible to vulnerabilities in GNU Bash (CVE-2016-0634, CVE-2016-7543, CVE-2016-9401). Exploiting these vulnerabilities could allow an attacker to execute arbitrary code and commands on the system or bypass the restricted shell.

CVE(s): CVE-2016-0634, CVE-2016-7543, CVE-2016-9401

Affected product(s) and affected version(s):

FlashSystem 840 machine type and models (MTMs) affected include 9840-AE1 and 9843-AE1.
FlashSystem 900 MTMs affected include 9840-AE2 and 9843-AE2.

Supported code versions which are affected:
· VRMFs prior to 1.3.0.9
· VRMFs prior to 1.4.8.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ssg1S1012285
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121373
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/121372
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/122314



from IBM Product Security Incident Response Team https://ift.tt/2K9uKLm