ESB-2017.2441 - [Win][Linux] Dell EMC VNX Monitoring and Reporting: Multiple vulnerabilities 2017-09-27

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2441
           Dell EMC VNX Monitoring and Reporting Vulnerabilities
                             27 September 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Dell EMC VNX Monitoring and Reporting
Publisher:         Zero Day Initiative
Operating System:  Windows
                   Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-8012 CVE-2017-8007 

Original Bulletin: 
   http://www.zerodayinitiative.com/advisories/ZDI-17-826
   http://www.zerodayinitiative.com/advisories/ZDI-17-827

Comment: This bulletin contains two (2) security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Dell EMC VNX Monitoring and Reporting RMI Registry Deserialization of 
Untrusted Data Denial of Service Vulnerability

ZDI-17-826: September 26th, 2017

CVE ID

CVE-2017-8012

CVSS Score

6.8, (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Affected Vendors

Dell EMC

Affected Products

VNX Monitoring and Reporting

Vulnerability Details

This vulnerability allows remote attackers to create a denial of service on 
vulnerable installations of Dell EMC VNX Monitoring and Reporting. Although 
authentication is required to exploit this vulnerability, the existing 
authentication mechanism can be bypassed.

The specific flaw exists within an exposed RMI registry, which listens on TCP
port 52569 by default. The issue results from the lack of proper validation of
user-supplied data, which can result in deserialization of untrusted data. An
attacker can leverage this vulnerability to create a denial-of-service 
condition to users of the system.

Vendor Response

Dell EMC has issued an update to correct this vulnerability. More details can
be found at:

http://seclists.org/fulldisclosure/2017/Sep/51

Disclosure Timeline

2017-05-09 - Vulnerability reported to vendor

2017-09-26 - Coordinated public release of advisory

Credit

This vulnerability was discovered by:

rgod

- ---

Dell EMC VNX Monitoring and Reporting Scheduler Directory Traversal Remote 
Code Execution Vulnerability

ZDI-17-827: September 26th, 2017

CVE ID

CVE-2017-8007

CVSS Score

9, (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Affected Vendors

Dell EMC

Affected Products

VNX Monitoring and Reporting

TippingPoint(TM) IPS Customer Protection

TippingPoint IPS customers are protected against this vulnerability by Digital
Vaccine protection filter ID 28230. For further product information on the 
TippingPoint IPS:

http://www.tippingpoint.com

Vulnerability Details

This vulnerability allows remote attackers to execute arbitrary code on 
vulnerable installations of Dell EMC VNX Monitoring and Reporting. Although 
authentication is required to exploit this vulnerability, the existing 
authentication mechanism can be bypassed.

The specific flaw exists within Scheduler.class. The issue results from the 
lack of proper validation of a user-supplied path prior to using it in file 
operations. An attacker can leverage this vulnerability to execute arbitrary 
code under the context of SYSTEM.

Vendor Response

Dell EMC has issued an update to correct this vulnerability. More details can
be found at:

http://seclists.org/fulldisclosure/2017/Sep/51

Disclosure Timeline

2017-05-04 - Vulnerability reported to vendor

2017-09-26 - Coordinated public release of advisory

Credit

This vulnerability was discovered by:

rgod

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWcsRw4x+lLeg9Ub1AQiQAg/9F0NoDTybw9S6T4ezwtX8b6OsAhiex4HS
TjukE+/0E2iA3Ag9iap5CQ4rhIgPFW6sbdDKlvBmAqnMN/OJz0mHxYsKRWc8qezc
reYUeDYE4vGIbogOfXy8vSlr/H1EgT4a6184U2YusRQ8ht3gznv04DS4Ujb1TyIs
vv8nlrykQGLBTpqUEZ/PApFNa8Cu29qZEu3qAkV9NsKF7ABHpLRMQPGrMg37PLXz
tCuClcOu3cLB/36FUyGHzsq0pjyt/UbEvfGcG8GBHHthWCwkgCs3xnNxzoXl5Lbu
l7SyxNK6ufiV+qPNRH0Q0hUbJos7ptnlRHSD1skG6FyUo6syBWc2RC5Hsff+l/zv
3oB1zCnky3T1FrBEpdJxRM5BBz/rwuM+/MObnGdwR82cPjzvCkJPy0pWbHldbw6w
pssqoxBQCb5swxef9C1T+6j3JwglT0w+sGdIamgiih46ASYO1LxGZEmYNdQR8ZVd
2wbG9tFs2zioqma1GXvwUBgUZWDkqhjz9GIv0k0Ux+eolW9EylM6fLN5LLJpDAcf
oMu7st/wyC18V7AmcNYmaey6nkBkwVPF3gl6qQF6CroP5gry2uSiIviFK2iAEHHc
AQhHiZ+BzY0YRAsHMRnap8H4lnsrIWyxGBmG7XT+rMp47VdOThUCSEuagDsxHsiz
PM3+dbA4z5k=
=XW7y
-----END PGP SIGNATURE-----

« Back to bulletins