copyright
|
disclaimer
|
privacy
|
contact
HOME
About
AusCERT
Membership
Contact Us
PKI Services
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
Login »
Become a member »
Home
»
Security Bul...
»
Security Bul...
»
AusCERT Exte...
» ESB-2011.0734 - [Win] EMC Documentum eRoom Indexing ...
ESB-2011.0734 - [Win] EMC Documentum eRoom Indexing Server: Execute arbitrary code/commands - Remote/unauthenticated
Date:
19 July 2011
Click here for printable version
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2011.0734 EMC Documentum eRoom Indexing Server HummingBird Client Connector Buffer Overflow Vulnerability 19 July 2011 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: EMC Documentum eRoom Indexing Server Publisher: EMC Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2011-1741 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-022: EMC Documentum eRoom Indexing Server HummingBird Client Connector Buffer Overflow Vulnerability EMC Identifier: ESA-2011-022 CVE Identifier: CVE-2011-1741 Severity Rating: CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) Affected products: EMC Documentum eRoom versions 7.x Vulnerability Summary: EMC Documentum eRoom?s Indexing Server contains a buffer overflow vulnerability which can be exploited to cause a denial of service, or possibly, arbitrary code execution. Vulnerability Details: The HummingBird Client Connector (ftserver.exe) used by affected versions of EMC Documentum eRoom?s Indexing Server contains a buffer overflow vulnerability. The vulnerability may allow a remote unauthenticated user to send a specially-crafted message over TCP to cause a denial of service, or possibly, execute arbitrary code. Problem Resolution: The following EMC Documentum eRoom products contain resolutions to this issue. The HummingBird Client Connector has been replaced by a new interface which is not susceptible to this vulnerability. ? EMC Documentum eRoom 7.4.3.f. EMC strongly recommends all customers upgrade at the earliest opportunity. Link to remedies: Registered EMC Powerlink customers can download software from Powerlink. For EMC Documentum eRoom Software, navigate in Powerlink to Home > Support > Software Downloads and Licensing > Downloads D > Documentum eRoom EMC has created an eRoom Sizing Tool with related documentation that helps customers with the eRoom deployment sizing process. EMC strongly recommends that eRoom Administrators read and understand the provided documentation, run the eRoom Sizing Tool and review its results, perform the eRoom 7.4.3 upgrade to a test or staging environment, and complete thorough performance testing in the test or staging environment prior to a production upgrade. Failure to complete these steps may lead to an unplanned eRoom 7.4.3 outage. Refer to EMC ETA esg112401 for the details. Because the view is restricted based on customer agreements, you may not have permission to view certain downloads. Should you not see a software download you believe you should have access to, follow the instructions in EMC Knowledgebase solution emc116045. Credits: EMC would like to thank Stephen Fewer of Harmony Security (www.harmonysecurity.com) working with TippingPoint's Zero Day Initiative (http://www.zerodayinitiative.com) for reporting this issue. For explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends that all customers take into account both the base score and any relevant temporal and environmental scores, which may impact the potential severity associated with particular security vulnerability. EMC Corporation distributes EMC Security Advisories in order to bring to the attention of users of the affected EMC products important security information. EMC recommends all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall EMC or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. EMC Product Security Response Center Security_Alert (at) EMC (dot) com [email concealed] http://www.emc.com/contact-us/contact/product-security-response-center.h tm - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Cygwin) iEYEARECAAYFAk4gdTYACgkQtjd2rKp+ALzvwgCfRra9Q2OjDs9Nq2yvDmdR2WqG zWIAn2R1lquLRvn9lbXFVFRbu97dJ58L =j9JX - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBTiTWHu4yVqjM2NGpAQLS7xAArxL+9UDzIfg469zzU34kk/mh14e+8KzY XxPgOHBd64GbyB722URWJqRiNQnPSYExsTPuqa7IBazmRot1pC2dgIF4OlVDyUMH zXL2cSRsk+MKgGXlbGvBUF693d9Jya31kxkY192p8EILJzVapUSY7gPAmDGedooI T0AWbU5kZU3DsoyblU4D+Al+rsVQ+ixXnPIC1COMpWFISDl93GdKyJAPUCv2AYxd 0ReG6q2GJKr3diU8/LUEoXYWUWPGcQIQp+d6+/zZKMmbD9kGVIo4hQSe596P5nIF jdff5lgUZT+31eiT/FML7d6U13GiozlzLxYZTEy8efwCWUSCteStsOfc6fi4V87X DXZg9IjwM1/k6GtT4bPEZ6JJd0lZl6fyCtBYQV8Hp2E66AlVR9Sub+Te47hL9E44 PvKrggbAeh0pAPhAbVM8qGB7dZ+JrKbvkgU16Ppd+Wl/P6iQEaLLod86DhY0RSmx Hn+QQzXAHjg74vSmNgMxFOM673+cnNvBZl5YqihSQNKS5JEJZVY9FM4L2g1OrGWy stT6irCXDymFGm0Mt4jtX+ZQPD8Se194rtGpmf9Lvj5suKS9mN6GDv/eQ7fGhNzW QseHH8Z32DSAbGrktU3sESnUM7SPLlVtJsobg3uAR1hnPQT38ovquvjcwixWZUgm NP0+RRpx1Xs= =4IDU -----END PGP SIGNATURE-----
Comments? Click here
http://www.auscert.org.au/render.html?cid=1980&it=14597