Multiple vulnerabilities in Dell PowerScale OneFS
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2019-18276 CVE-2019-9924 CVE-2016-9401 CVE-2016-7543 |
| CWE-ID | CWE-273 CWE-20 CWE-416 CWE-77 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
PowerScale OneFS Hardware solutions / Firmware |
| Vendor | Dell |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Improper Check for Dropped Privileges
EUVDB-ID: #VU24690
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2019-18276
CWE-ID:
CWE-273 - Improper Check for Dropped Privileges
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in "disable_priv_mode()" function in shell.c due to the affected software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. A local user with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: 9.1.0.0 - 9.4.0.3
CPE2.3- cpe:2.3:h:dell:powerscale_onefs:9.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerscale_onefs:9.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerscale_onefs:9.1.0.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Input validation error
EUVDB-ID: #VU21785
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-9924
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to "rbash" does not prevent the shell user from modifying BASH_CMDS. A local authenticate user can execute any command with the permissions of the shell.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: 9.1.0.0 - 9.4.0.3
CPE2.3- cpe:2.3:h:dell:powerscale_onefs:9.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerscale_onefs:9.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerscale_onefs:9.1.0.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU33511
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-9401
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.
MitigationInstall update from vendor's website.
Vulnerable software versionsPowerScale OneFS: 9.1.0.0 - 9.4.0.3
CPE2.3- cpe:2.3:h:dell:powerscale_onefs:9.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerscale_onefs:9.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerscale_onefs:9.1.0.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Command injection
EUVDB-ID: #VU13104
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-7543
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary commands on the target system.
Install update from vendor's website.
Vulnerable software versionsPowerScale OneFS: 9.1.0.0 - 9.4.0.3
CPE2.3- cpe:2.3:h:dell:powerscale_onefs:9.1.0.0:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerscale_onefs:9.1.0.1:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powerscale_onefs:9.1.0.2:*:*:*:*:*:*:*
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
