DSA-2021-180: Dell PowerScale OneFS Security Update for Multiple Vulnerabilities.
Samenvatting: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Dit artikel is van toepassing op
Dit artikel is niet van toepassing op
Dit artikel is niet gebonden aan een specifiek product.
Niet alle productversies worden in dit artikel vermeld.
Impact
Medium
Gegevens
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36305 | Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA may potentially exploit this vulnerability, leading to a denial of service over SMB. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Third-party Component | CVE | More information |
| FreeBSD | CVE-2021-29626 | https://nvd.nist.gov/vuln/detail/CVE-2021-29626 In OneFS, a copy-on-write logic failed to invalidate shared memory page mappings between multiple processes which amy allow an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel. |
| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36305 | Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA may potentially exploit this vulnerability, leading to a denial of service over SMB. | 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Third-party Component | CVE | More information |
| FreeBSD | CVE-2021-29626 | https://nvd.nist.gov/vuln/detail/CVE-2021-29626 In OneFS, a copy-on-write logic failed to invalidate shared memory page mappings between multiple processes which amy allow an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel. |
Getroffen producten en herstel
| CVEs Addressed | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-36305 | 8.2.0, 8.2.1, 9.0.0.x, 9.2.0.x, and 9.1.1.x | Upgrade your version of OneFS | PowerScale OneFS Downloads Area |
| 8.2.2, 9.1.0.x , and 9.2.1.x | Download and install the latest RUP | ||
| CVE-2021-29626 | 8.2.0, 8.2.1, 9.0.0.x, 9.2.0.x, and 9.1.1.x | Upgrade your version of OneFS | |
| 8.2.x, 9.1.0.x , and 9.2.1.x | Download and install the latest RUP |
| CVEs Addressed | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-36305 | 8.2.0, 8.2.1, 9.0.0.x, 9.2.0.x, and 9.1.1.x | Upgrade your version of OneFS | PowerScale OneFS Downloads Area |
| 8.2.2, 9.1.0.x , and 9.2.1.x | Download and install the latest RUP | ||
| CVE-2021-29626 | 8.2.0, 8.2.1, 9.0.0.x, 9.2.0.x, and 9.1.1.x | Upgrade your version of OneFS | |
| 8.2.x, 9.1.0.x , and 9.2.1.x | Download and install the latest RUP |
Tijdelijke oplossingen en risicobeperking
| Workarounds or Mitigations | |
| CVE-2021-36305 | Disabling Continuous Availability (CA) on all SMB shares that has it enabled prevents the issue. |
| CVE-2021-29626 | Disallow ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_LOGIN_SSH privileges to non-administrative users. |
Revisiegeschiedenis
| Revision | Date | Description |
| 1.0 | 30 Sep 2021 | Initial Release |
Verwante informatie
Juridische verklaring van afstand
Getroffen producten
PowerScale OneFS, Product Security InformationArtikeleigenschappen
Artikelnummer: 000192046
Artikeltype: Dell Security Advisory
Laatst aangepast: 15 feb. 2022
Vind antwoorden op uw vragen via andere Dell gebruikers
Support Services
Controleer of uw apparaat wordt gedekt door Support Services.