DSA-2021-180: Dell PowerScale OneFS Security Update for Multiple Vulnerabilities.
요약: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
이 문서는 다음에 적용됩니다.
이 문서는 다음에 적용되지 않습니다.
이 문서는 특정 제품과 관련이 없습니다.
모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
영향
Medium
세부 정보
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36305 | Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA may potentially exploit this vulnerability, leading to a denial of service over SMB. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Third-party Component | CVE | More information |
| FreeBSD | CVE-2021-29626 | https://nvd.nist.gov/vuln/detail/CVE-2021-29626 In OneFS, a copy-on-write logic failed to invalidate shared memory page mappings between multiple processes which amy allow an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel. |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36305 | Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA may potentially exploit this vulnerability, leading to a denial of service over SMB. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Third-party Component | CVE | More information |
| FreeBSD | CVE-2021-29626 | https://nvd.nist.gov/vuln/detail/CVE-2021-29626 In OneFS, a copy-on-write logic failed to invalidate shared memory page mappings between multiple processes which amy allow an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel. |
영향을 받는 제품 및 문제 해결
| CVEs Addressed | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-36305 | 8.2.0, 8.2.1, 9.0.0.x, 9.2.0.x, and 9.1.1.x | Upgrade your version of OneFS | PowerScale OneFS Downloads Area |
| 8.2.2, 9.1.0.x , and 9.2.1.x | Download and install the latest RUP | ||
| CVE-2021-29626 | 8.2.0, 8.2.1, 9.0.0.x, 9.2.0.x, and 9.1.1.x | Upgrade your version of OneFS | |
| 8.2.x, 9.1.0.x , and 9.2.1.x | Download and install the latest RUP |
| CVEs Addressed | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-36305 | 8.2.0, 8.2.1, 9.0.0.x, 9.2.0.x, and 9.1.1.x | Upgrade your version of OneFS | PowerScale OneFS Downloads Area |
| 8.2.2, 9.1.0.x , and 9.2.1.x | Download and install the latest RUP | ||
| CVE-2021-29626 | 8.2.0, 8.2.1, 9.0.0.x, 9.2.0.x, and 9.1.1.x | Upgrade your version of OneFS | |
| 8.2.x, 9.1.0.x , and 9.2.1.x | Download and install the latest RUP |
해결 방법 및 완화 방안
| Workarounds or Mitigations | |
| CVE-2021-36305 | Disabling Continuous Availability (CA) on all SMB shares that has it enabled prevents the issue. |
| CVE-2021-29626 | Disallow ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_LOGIN_SSH privileges to non-administrative users. |
개정 내역
| Revision | Date | Description |
| 1.0 | 30 Sep 2021 | Initial Release |
관련 정보
법적 고지 사항
해당 제품
PowerScale OneFS, Product Security Information문서 속성
문서 번호: 000192046
문서 유형: Dell Security Advisory
마지막 수정 시간: 15 2월 2022
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.