OnDemand User Group

General => Announcements & News => Topic started by: Justin Derrick on September 28, 2022, 01:37:19 PM

Title: SECURITY: ZLib vulnerability in CMOD
Post by: Justin Derrick on September 28, 2022, 01:37:19 PM: IBM released a security bulletin for an old vulnerability from 2018 that affects current versions of CMOD:

https://www.ibm.com/support/pages/node/6824729

In short, it would allow an attacker that ALREADY has a very high level of access to your system to cause CMOD to crash.

Upgrading to the latest fixpack is always a good idea, this is just another reason to stay current on patches.

Ask your questions below, and I'll ask the developers to pop by and respond. Thanks.

-JD.
Title: Re: SECURITY: ZLib vulnerability in CMOD
Post by: Justin Derrick on October 05, 2022, 10:20:07 AM: Just a brief update. I've exchanged eMails with IBM, and in order to exploit this bug, an attacker would need access to modify data in the cache or secondary storage (Tivoli Storage Manager / Spectrum Protect / Cloud Storage Buckets / Filesystems). This is a pretty extreme level of access, meaning that any attacker looking to exploit this bug would already be able to do far more damage than simply crash CMOD instances.

In short, the level of risk associated with this alert is extremely low.

-JD.

SMF 2.0.9 | SMF © 2014, Simple Machines