Main Vulnerability Database SB2022110422

SB2022110422 - Information disclosure in Dell EMC Isilon OneFS

Published: November 4, 2022

Security Bulletin ID SB2022110422

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Information disclosure (CVE-ID: CVE-2019-5601)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote authenticated user to gain access to sensitive information.

In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding.

Remediation

Install update from vendor's website.

References

https://www.dell.com/support/kbdoc/en-us/000153864/dsa-2019-150-dell-emc-isilon-onefs-security-update-for-unix-file-system-ufs-and-fast-file-system-ffs-kernel-component-vulnerabilities