High
Third-party Component | CVE(s) | More information |
FreeBSD | CVE-2020-7460 | See NVD (http://nvd.nist.gov) for individual scores for each CVE. |
For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov.
To search for a particular CVE, use the database's search utility at http://web.nvd.nist.gov/view/vuln/search.
Affected products:
Dell EMC PowerScale OneFS versions 9.0.0 and 9.1.0
Dell EMC Isilon OneFS versions 8.2.0 and later
Note:
The compat32 subsystem on 64-bit platforms had a time-of-check to time-of-use vulnerability that may allow a malicious userspace program to modify control message headers after they have been validated.
This may have been exploited by users not in the SecurityAdmin role who hold either the ISI_PRIV_LOGIN_CONSOLE or the ISI_PRIV_LOGIN_SSH privilege.
By default, there are no users with this configuration.
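As an added illustration of the bug class described in the note (not code from this advisory, from FreeBSD, or from OneFS), the C sketch below contrasts a copy-in routine that fetches a 32-bit control message length from user memory twice with one that snapshots the header once and validates the kernel copy. The struct layout, KBUF_LIMIT, the race hook, and the 128-byte sample buffer are assumptions standing in for the real kernel's types and scheduling.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Illustrative 32-bit control message header; the real compat32 layout is assumed. */
struct cmsghdr32 { uint32_t cmsg_len; int32_t cmsg_level; int32_t cmsg_type; };
#define KBUF_LIMIT 64 /* kernel-side bound on one control message (assumed value) */
/* Stands in for the scheduling window between check and use, in which another thread
 * of the calling process can run and rewrite the buffer. */
typedef void (*race_hook_t)(uint8_t *user_buf);
/* Vulnerable pattern: cmsg_len is read from user memory for the check, then read from
 * user memory AGAIN to size the copy (a double fetch). */
static int copyin_control_double_fetch(uint8_t *user_buf, size_t user_len, uint8_t *kbuf, race_hook_t hook)
{
    uint32_t len;
    if (user_len < sizeof(struct cmsghdr32)) return -1;
    memcpy(&len, user_buf, sizeof len);                 /* first fetch: check */
    if (len < sizeof(struct cmsghdr32) || len > user_len || len > KBUF_LIMIT) return -1;
    if (hook) hook(user_buf);                           /* the race window */
    memcpy(&len, user_buf, sizeof len);                 /* second fetch: use */
    memcpy(kbuf, user_buf, len);                        /* no longer bounded by the check */
    return (int)len;
}

/* Hardened pattern: copy the header once, validate the kernel copy, decide only from it. */
static int copyin_control_snapshot(uint8_t *user_buf, size_t user_len, uint8_t *kbuf, race_hook_t hook)
{
    struct cmsghdr32 hdr;
    if (user_len < sizeof hdr) return -1;
    memcpy(&hdr, user_buf, sizeof hdr);                 /* single fetch of the header */
    if (hdr.cmsg_len < sizeof hdr || hdr.cmsg_len > user_len || hdr.cmsg_len > KBUF_LIMIT)
        return -1;
    if (hook) hook(user_buf);                           /* same window, now harmless */
    memcpy(kbuf, user_buf, hdr.cmsg_len);               /* length taken from the snapshot */
    memcpy(kbuf, &hdr, sizeof hdr);                     /* kernel copy keeps the validated header */
    return (int)hdr.cmsg_len;
}
/* Simulated racing thread: rewrites cmsg_len to the full 128-byte buffer size. */
static void race_raise_len(uint8_t *user_buf) { uint32_t v = 128; memcpy(user_buf, &v, sizeof v); }
/* One scenario on a constructed 128-byte user buffer whose header claims 16 bytes.
 * Returns the length the kernel path ended up trusting, or -1 if it was rejected. */
static int run_scenario(int hardened, int racing)
{
    uint8_t user[128], kbuf[256]; /* kbuf oversized so the demo itself stays memory-safe */
    struct cmsghdr32 hdr = { 16, 0, 0 };
    memset(user, 0xAA, sizeof user);
    memcpy(user, &hdr, sizeof hdr);
    race_hook_t hook = racing ? race_raise_len : NULL;
    return hardened ? copyin_control_snapshot(user, sizeof user, kbuf, hook)
                    : copyin_control_double_fetch(user, sizeof user, kbuf, hook);
}
```

With the race active, the double-fetch path ends up trusting a length larger than KBUF_LIMIT even though its check passed, while the snapshot path still uses the 16 bytes it validated.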
Remediation:
For Dell EMC PowerScale OneFS versions 9.0.0 and 9.1.0, the fix for this issue is included with the October 2020 Roll-up Patch, as well as all future Roll-up Patches. For more information and to obtain a Roll-up patch, see the Current PowerScale and Isilon OneFS Patches document.
For Dell EMC Isilon OneFS version 8.2.2, the fix for this issue is included with the October 2020 Roll-up Patch, as well as all future Roll-up Patches. For more information and to obtain a Roll-up patch, see the Current PowerScale and Isilon OneFS Patches document.
For Dell EMC Isilon OneFS versions earlier than 8.2.0, the vulnerability is not present. For other Dell EMC Isilon OneFS and Dell EMC PowerScale OneFS versions, it is recommended you update to the latest GA supported version of Dell EMC PowerScale OneFS.
Dell recommends all customers upgrade at the earliest opportunity.
None.
Revision | Date | Description |
1.0 | 2020-10-28 | Initial Release |
1.1 | 2021-10-20 | Updated Product Tagging |