New Delhi, June 22: The Indian Computer Emergency Response Team (CERT-In), which comes under the Ministry of Electronics & Information Technology, has warned users of multiple vulnerabilities in the ‘Golang Go’ programming language affecting IBM Storage Copy Data Management software. As per the CERT-In advisory, the multiple vulnerabilities — ‘arbitrary code execution vulnerability’ and ‘denial of service vulnerability’ — could allow an attacker to execute arbitrary code or cause a denial of service condition on the targeted system. The arbitrary code execution vulnerability exists in IBM software due to a flaw in Golang Go during the build on Darwin.
“An attacker could exploit this vulnerability by building a specially crafted Go module. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the targeted system,” the cyber agency said. On the other hand, the denial of service vulnerability exists in IBM Storage Copy Data Management due to a flaw in Golang Go which causes high CPU usage in the ‘extractExtendedRCode’ function in the net module. “A remote attacker could exploit this vulnerability by sending a specially crafted DNS message in response to a query,” the advisory mentioned. Successful exploitation of this vulnerability could allow an attacker to cause a denial of service condition on the targeted system. CERT-In has suggested users apply appropriate fix/patches as recommended by the company.
