###[IBM Spectrum LSF Privilege Escalation]###
* Software: IBM Spectrum LSF
* Affected Versions: IBM Spectrum LSF 8.3, 9.1.1, 9.1.2, 9.1.3, 10.1, 10.1.0.1
* CVE Reference: CVE-2017-1205
* Author: John Fitzpatrick (@j0hn__f)
* Severity: CVSS 9.3
* Vendor: IBM
* Vendor Response: Fixes provided
###[DDN Default SSH Keys]###
DDN SFA devices have default SSH keys in place
* Product: DDN SFA storage devices, all versions, all models
* Severity: High
* CVE Reference: NO CVE ASSIGNED - MWR ref: MWR-2016-0002
* Type: Default Credentials
* Author: John Fitzpatrick
* Date: 2016-06-15
: John Fitzpatrick
* Date: 2016-06-15
## Description
The mechanism used for updating firmware on DDN controllers is insecure,
allowing for privilege escalation to root.
## Impact
Exploitation of this issue can allow for code execution as root allowing an
adversary to gain full access
###[IBM GPFS / Spectrum Scale Command Injection]###
A command injection vulnerability in GPFS / Spectrum Scale allows attackers to
escalate privileges to root
* Product: IBM GPFS / Spectrum Scale
* Severity: High
* CVE Reference: CVE-2016-0392
* Type: Command injection
* Author: John
[SGI Tempo System Database Exposure]
Software: SGI Tempo (SGI ICE-X Supercomputers)
Affected Versions: Unknown
CVE Reference: CVE-2014-7303
Author: John Fitzpatrick, MWR Labs
Severity: Low Risk
Vendor: Silicon Graphics International Corp (SGI)
Vendor Response: Uncooperative
[Description
[SGI SUID Root Privilege Escalation]
Software: SGI Tempo (SGI ICE-X Supercomputers)
Affected Versions: Unknown
CVE Reference: CVE-2014-7302
Author: Luke Jennings, John Fitzpatrick, MWR Labs
Severity: Medium Risk
Vendor: Silicon Graphics International Corp (SGI)
Vendor Response: Uncooperative
[SGI Tempo System Database Password Exposure]
Software: SGI Tempo (SGI ICE-X Supercomputers)
Affected Versions: Unknown
CVE Reference: CVE-2014-7301
Author: John Fitzpatrick, MWR Labs
Severity: Medium Risk
Vendor: Silicon Graphics International Corp (SGI)
Vendor Response: Uncooperative
##[Moab Authentication Bypass : CVE-2014-5300]##
Software: Moab
Affected Versions: All versions prior to Moab 7.2.9 and Moab 8
CVE Reference: CVE-2014-5300
Author: John Fitzpatrick, MWR Labs (http://labs.mwrinfosecurity.com/)
Severity: High Risk
Vendor: Adaptive Computing
Vendor Response
##[Moab User Impersonation : CVE-2014-5375]##
Software: Moab
Affected Versions: All current versions of Moab. However, the impact is limited
in Moab 7.2.9 and Moab 8.
CVE Reference: CVE-2014-5375
Author: John Fitzpatrick, Luke Jennings MWR Labs
(http://labs.mwrinfosecurity.com/)
Severity: High
##[Moab Authentication Bypass (insecure message signing) : CVE-2014-5376]##
Software: Moab
Affected Versions: Dependent on configuration, can affect all versions of Moab
including Moab 8
CVE Reference: CVE-2014-5376
Author: John Fitzpatrick, Luke Jennings MWR Labs
(http
to and including 2.5.13
CVE Reference: CVE-2014-0749
Authors: John Fitzpatrick (MWR Labs)
Severity: High Risk
Vendor: Adaptive Computing
Vendor Response: Incorporated MWR supplied fix into 2.5 development branch, no
advisory
[Description]
A buffer overflow exists in older versions of TORQUE which can
to
mitigate this issue.
[Software]: Aprun/apinit (Cray)
[Affected Versions]: This issue was resolved in CLE 5.1.UP00 CLE 4.2.UP02
[CVE Reference]: CVE-2014-0748
[Authors]: John Fitzpatrick Luke Jennings
[Severity]: High Risk
[Vendor]: Cray Inc.
[Vendor Response]: Acknowledged, resolved, update