===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.1422
     A number of vulnerabilities have been identified in EMC Documentum
                                 products
                              20 August 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           EMC WebTop
                   EMC Documentum Administrator
                   EMC Records Client
                   EMC Digital Assets Manager
                   EMC Web Publishers
                   EMC Task Space
                   EMC Documentum Capital Projects
                   EMC Documentum
                   EMC Documentum WDK
                   EMC Documentum Engineering Plant Facilities Management Solution
                   EMC Documentum Records Manager
                   EMC Documentum Content Server
Publisher:         EMC
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Increased Privileges            -- Remote/Unauthenticated
                   Administrator Compromise        -- Existing Account
                   Access Privileged Data          -- Remote/Unauthenticated
                   Cross-site Request Forgery      -- Remote with User Interaction
                   Denial of Service               -- Remote/Unauthenticated
                   Cross-site Scripting            -- Remote with User Interaction
                   Provide Misleading Information  -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-4618 CVE-2014-3470 CVE-2014-2521
                   CVE-2014-2520 CVE-2014-2518 CVE-2014-2515
                   CVE-2014-2511 CVE-2014-0224 CVE-2014-0221
                   CVE-2014-0198 CVE-2014-0195 CVE-2014-0076
                   CVE-2010-5298
Reference:         ESB-2014.0887

Comment: This bulletin contains four (4) EMC security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities

EMC Identifier: ESA-2014-059

CVE Identifier: CVE-2014-2511

Severity Rating: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected products:

EMC WebTop 6.7 SP1, 6.7 SP2
EMC Documentum Administrator 6.7 SP1, 6.7 SP2, 7.0, 7.1.
EMC Records Client 6.7 SP1, 6.7 SP2
EMC Digital Assets Manager 6.5SP5, 6.5SP6
EMC Web Publishers 6.5SP6, 6.5SP7
EMC Task Space 6.7SP1, 6.7SP2
EMC Engineering Plant Facilities Management Solution for Documentum 1.7SP1
EMC Documentum Capital Projects 1.8
EMC Documentum Capital Projects 1.9

Summary:

EMC Documentum WebTop based products contain fixes for multiple cross-site scripting vulnerabilities that could potentially be exploited by malicious users to compromise the affected system.

Details:

EMC Documentum WebTop based products contain fixes for multiple cross-site scripting vulnerabilities that could potentially be exploited by malicious users to inject arbitrary script via some query string parameters. This may lead to execution of malicious HTML requests or scripts in the context of an authenticated user. These issues are caused by the vulnerable parameters 'startat' and 'entryId'.

Resolution:

The following releases contain the resolution to these issues:

EMC Documentum Administrator:
  o 6.7 SP1 P28 or later
  o 6.7 SP2 P14 or later
  o 7.0 P15 or later
  o 7.1 P06 or later

EMC Documentum WebTop:
  o 6.7 SP1 P28 or later
  o 6.7 SP2 P14 or later

EMC Records Client
  o 6.7 SP1 P28 or later
  o 6.7 SP2 P15 or later

EMC Digital Assets Manager
  o 6.5 SP5 P28 or later
  o 6.5 SP6 P14 or later

EMC Web Publishers
  o 6.5 SP6 P28 or later
  o 6.5 SP7 P14 or later

EMC Task Space
  o 6.7 SP1 P28 or later
  o 6.7 SP2 P14 or later

EMC Engineering Plant Facilities Management Solution for Documentum
  o 1.7 SP1 P13 or later

EMC Documentum Capital Projects
  o 1.8 P11 or later
  o 1.9 P01 or later

EMC recommends all customers upgrade to the fixed versions listed above at the earliest opportunity.

Link to remedies:

Customers can download the software using the links given below for respective products:

EMC Documentum Administrator 6.7 SP1:
https://emc.subscribenet.com/control/dctm/download?element=3887141

EMC Documentum Administrator 6.7 SP2:
https://emc.subscribenet.com/control/dctm/download?element=4541681

EMC Documentum Administrator 7.0:
https://emc.subscribenet.com/control/dctm/download?element=4787271

EMC Documentum Administrator 7.1:
https://emc.subscribenet.com/control/dctm/download?element=5096401

EMC Webtop 6.7SP1:
https://emc.subscribenet.com/control/dctm/download?element=3887191

EMC Webtop 6.7SP2:
https://emc.subscribenet.com/control/dctm/download?element=4544381

EMC Records Client 6.7SP1:
Webtop 6.7SP1 patch (https://emc.subscribenet.com/control/dctm/download?element=3887191) needs to be applied as per the instructions in Records client readme (https://emc.subscribenet.com/control/dctm/download?element=3887361).

EMC Records Client 6.7SP2:
Webtop 6.7SP2 patch (https://emc.subscribenet.com/control/dctm/download?element=4544381) needs to be applied as per the instructions in Records client readme (https://emc.subscribenet.com/control/dctm/download?element=4544641)

EMC Digital Assets Manager 6.5 SP5
https://emc.subscribenet.com/control/dctm/download?element=3888781

EMC Digital Assets Manager 6.5 SP6
https://emc.subscribenet.com/control/dctm/download?element=4772311

EMC Web Publishers 6.5 SP6
https://emc.subscribenet.com/control/dctm/download?element=4059311

EMC Web Publishers 6.5 SP7
https://emc.subscribenet.com/control/dctm/download?element=4772271

EMC Task Space 6.7 SP1
https://emc.subscribenet.com/control/dctm/download?element=3887341

EMC Task Space 6.7 SP2
https://emc.subscribenet.com/control/dctm/download?element=4544451

EMC Engineering Plant Facilities Management Solution for Documentum 1.7 SP1
https://emc.subscribenet.com/control/dctm/download?element=4448871

EMC Capital Projects 1.8
https://emc.subscribenet.com/control/dctm/download?element=4928521

EMC Capital Projects 1.9
https://emc.subscribenet.com/control/dctm/download?element=5350311

Credits:

EMC would like to thank Lukasz Plonka (Lukasz.Plonka@ingservicespolska.pl) for reporting this issue.

Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867.

For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with a particular security vulnerability.

EMC Corporation distributes EMC Security Advisories in order to bring important security information to the attention of users of the affected EMC products. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall EMC or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

EMC Product Security Response Center
security_alert@emc.com

-------------------------------------------------------------------------------

ESA-2014-067: EMC Documentum D2 Privilege Escalation Vulnerability

EMC Identifier: ESA-2014-067

CVE Identifier: CVE-2014-2515

Severity: CVSSv2 Base Score: 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)

Affected products:

EMC Documentum D2 3.1 and patch versions
EMC Documentum D2 3.1SP1 and patch versions
EMC Documentum D2 4.0 and patch versions
EMC Documentum D2 4.1 and patch versions
EMC Documentum D2 4.2 and patch versions

Summary:

EMC Documentum D2 contains a fix for a privilege escalation vulnerability that could be potentially exploited by malicious users to compromise the affected system.

Details:

D2GetAdminTicketMethod and D2RefreshCacheMethod methods serve a superuser ticket to all requesting parties. A remote authenticated unprivileged user could potentially use these methods to request a superuser ticket and then use that ticket to escalate their privileges.

Resolution:

EMC strongly recommends all customers upgrade to the fixed versions listed below at the earliest opportunity. The following products contain the resolution to this issue:

EMC Documentum D2 3.1P24
EMC Documentum D2 3.1SP1P02 (hotfix)
EMC Documentum D2 4.0P11 (hotfix)
EMC Documentum D2 4.1P16
EMC Documentum D2 4.2P05

Link to remedies:

Customers can download the D2 3.1P24, D2 4.1P16, and D2 4.2P05 patch releases from: https://emc.subscribenet.com

Customers can contact EMC support for the hotfix versions of D2 3.1SP1 P02 and D2 4.0 P11.

EMC Product Security Response Center
security_alert@emc.com

-------------------------------------------------------------------------------

ESA-2014-073: EMC Documentum Multiple Cross-Site Request Forgery Vulnerabilities

EMC Identifier: ESA-2014-073

CVE Identifier: CVE-2014-2518

Severity Rating: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected products:

EMC Documentum Webtop Versions prior 6.7SP1 P28
EMC Documentum Webtop Versions prior 6.7SP2 P15
EMC Documentum Administrator Versions prior 6.7 SP1 P28
EMC Documentum Administrator Versions prior 6.7 SP2 P15
EMC Documentum Administrator Versions prior 7.0 P15
EMC Documentum Administrator Versions prior 7.1 P06
EMC Documentum WDK Versions prior 6.7SP1 P28
EMC Documentum WDK Versions prior 6.7SP2 P15
EMC Documentum Taskspace versions prior 6.7 SP1 P28
EMC Documentum Taskspace versions prior 6.7 SP2 P15
EMC Documentum Records Manager versions prior 6.7SP1 P28
EMC Documentum Records Manager versions prior 6.7 SP2 P15
EMC Documentum Web Publisher versions prior 6.5 SP7 P15
EMC Documentum Digital Asset Manager versions prior 6.5 SP6 P15
EMC Documentum Engineering Plant Facilities Management Solution, 1.7 SP1 supported on WebTop 6.7SP1 version, prior P13
EMC Documentum Capital Projects, 1.8 supported on WebTop 6.7SP1 version, prior P11
EMC Documentum Capital Projects, 1.8 supported on WebTop 6.7SP2 version, prior P11
EMC Documentum Capital Projects, 1.9 supported on WebTop 6.7SP2

Summary:

EMC Documentum WDK and WDK based clients contain fixes for multiple Cross-Site Request Forgery (CSRF) vulnerabilities that could potentially be exploited by malicious users to affect the target system.

Details:

EMC Documentum WDK based clients may be vulnerable to multiple CSRF vulnerabilities.
A malicious unauthenticated attacker can potentially leverage this vulnerability to trick authenticated users of the application into clicking specially-crafted links that are embedded within an email, web page or other source and perform Docbase operations with that user's privileges.

Resolution:

The following releases contain the resolution to these issues:

EMC Documentum Webtop Versions 6.7SP1 P28
EMC Documentum Webtop Versions 6.7SP2 P15
EMC Documentum Administrator Versions 6.7 SP1 P28
EMC Documentum Administrator Versions 6.7 SP2 P15
EMC Documentum Administrator Versions 7.0 P15
EMC Documentum Administrator Versions 7.1 P06
EMC Documentum Taskspace versions 6.7 SP1 P28
EMC Documentum Taskspace versions 6.7 SP2 P15
EMC Documentum Records Manager versions 6.7SP1 P28
EMC Documentum Records Manager versions 6.7 SP2 P15
EMC Documentum Web Publisher versions 6.5 SP7 P15
EMC Documentum Digital Asset Manager versions 6.5 SP6 P15
EMC Documentum Engineering Plant Facilities Management Solution for Documentum, 1.7 SP1 supported on WebTop 6.7SP1 version, patch 13
EMC Documentum Capital Projects, 1.8 supported on WebTop 6.7SP1 version, patch 11
EMC Documentum Capital Projects, 1.8 supported on WebTop 6.7SP2 version, patch 11
EMC Documentum Capital Projects, 1.9 supported on WebTop 6.7SP2, patch 01

EMC recommends all customers upgrade to the fixed versions listed above at the earliest opportunity.

Link to remedies:

Customers can download the software using the links given below for respective products:

EMC Documentum Webtop Versions 6.7SP1 P28
https://emc.subscribenet.com/control/dctm/download?element=3887191

EMC Documentum Webtop Versions 6.7SP2 P15
https://emc.subscribenet.com/control/dctm/download?element=4544381

EMC Documentum Administrator Versions 6.7 SP1 P28
https://emc.subscribenet.com/control/dctm/download?element=3887141

EMC Documentum Administrator Versions 6.7 SP2 P15
https://emc.subscribenet.com/control/dctm/download?element=4541681

EMC Documentum Administrator Versions 7.0 P15
https://emc.subscribenet.com/control/dctm/download?element=4787271

EMC Documentum Administrator Versions 7.1 P06
https://emc.subscribenet.com/control/dctm/download?element=5096401

EMC Documentum Taskspace versions 6.7 SP1 P28
https://emc.subscribenet.com/control/dctm/download?element=3887341

EMC Documentum Taskspace versions 6.7 SP2 P15
https://emc.subscribenet.com/control/dctm/download?element=4544451

EMC Documentum Records Manager versions 6.7SP1 P28
https://emc.subscribenet.com/control/dctm/download?element=3887351

EMC Documentum Records Manager versions 6.7 SP2 P15
https://emc.subscribenet.com/control/dctm/download?element=4544631

EMC Documentum Web Publisher versions 6.5 SP7 P15
https://emc.subscribenet.com/control/dctm/download?element=4772271

EMC Documentum Digital Asset Manager versions 6.5 SP6 P15
https://emc.subscribenet.com/control/dctm/download?element=4772311

EMC Engineering Plant Facilities Management Solution for Documentum 1.7 SP1 P13
https://emc.subscribenet.com/control/dctm/download?element=4448871

EMC Capital Projects 1.8 P11
https://emc.subscribenet.com/control/dctm/download?element=4928521

EMC Capital Projects 1.9 P01
https://emc.subscribenet.com/control/dctm/download?element=5350311

EMC Product Security Response Center
security_alert@emc.com

-------------------------------------------------------------------------------

ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities

EMC Identifier: ESA-2014-079

CVE Identifier: See below for individual CVEs

Severity Rating: CVSS v2 Base Score: See below for individual CVSS score for each CVE

Affected products:

All EMC Documentum Content Server versions of 7.1 prior to P07
All EMC Documentum Content Server versions of 7.0
All EMC Documentum Content Server versions of 6.7 SP2 prior to P16
All EMC Documentum Content Server versions of 6.7 SP1
All EMC Documentum Content Server versions prior to 6.7 SP1

Summary:

EMC Documentum Content Server contains fixes for multiple vulnerabilities which also include vulnerabilities disclosed by the OpenSSL project on June 5, 2014 in OpenSSL.

Details:

EMC Documentum Content Server may be susceptible to the following vulnerabilities:

Arbitrary Code Execution (CVE-2014-4618):
Authenticated non-privileged users can potentially execute Documentum methods with higher level privileges (up to and including superuser privileges) due to improper authorization checks being performed on user-created system objects.
CVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:C/A:P)

DQL Injection (CVE-2014-2520):
Certain DQL hints in EMC Documentum Content Server may be potentially exploited by an authenticated non-privileged malicious user to conduct DQL injection attacks and read the database contents. This issue only affects Content Server running on Oracle database.
CVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)

Information Disclosure (CVE-2014-2521):
Authenticated non-privileged users are allowed to retrieve meta-data of unauthorized system objects due to improper authorization checks being performed on certain RPC commands in Content Server.
CVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)

Multiple OpenSSL vulnerabilities (See individual CVEs below and refer to NVD for each of their scores):

  SSL/TLS Man-in-the-middle (MITM) vulnerability (CVE-2014-0224)
  DTLS recursion flaw (CVE-2014-0221)
  DTLS invalid fragment vulnerability (CVE-2014-0195)
  SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
  SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)
  Anonymous ECDH denial of service (CVE-2014-3470)
  FLUSH + RELOAD cache side-channel attack (CVE-2014-0076)

For more information about these vulnerabilities, please visit the original OpenSSL advisory https://www.openssl.org/news/secadv_20140605.txt

Resolution:

The following versions contain the resolution for these issues:

EMC Documentum Content Server version 7.1 P07 and later
EMC Documentum Content Server version 7.0: Hotfixes are available for Windows & Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests.
EMC Documentum Content Server version 6.7 SP2 P16 and later
EMC Documentum Content Server version 6.7 SP1: Hotfixes are available for Windows & Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests.

EMC recommends that all customers upgrade to one of the above versions at the earliest opportunity.

Link to remedies:

Registered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/2732_Documentum-Server

For Hotfix, contact EMC Support.

EMC Product Security Response Center
security_alert@emc.com

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content.
The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
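
An added example, not part of the bulletin or of any EMC tooling: ESA-2014-059 and ESA-2014-073 above list different fixed patch levels for the same 6.7 SP2 products (P14 against P15), so an inventory check has to compare against each advisory and patch to the higher level. The tables are copied from the advisory text for three products only; the function names and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed patch levels copied from the two advisories above, keyed by
# (product, release train). Limited to three products for brevity.
FIXED = {
    "ESA-2014-059": {  # cross-site scripting, CVE-2014-2511
        ("webtop", "6.7 SP1"): 28, ("webtop", "6.7 SP2"): 14,
        ("administrator", "6.7 SP1"): 28, ("administrator", "6.7 SP2"): 14,
        ("administrator", "7.0"): 15, ("administrator", "7.1"): 6,
        ("taskspace", "6.7 SP1"): 28, ("taskspace", "6.7 SP2"): 14,
    },
    "ESA-2014-073": {  # cross-site request forgery, CVE-2014-2518
        ("webtop", "6.7 SP1"): 28, ("webtop", "6.7 SP2"): 15,
        ("administrator", "6.7 SP1"): 28, ("administrator", "6.7 SP2"): 15,
        ("administrator", "7.0"): 15, ("administrator", "7.1"): 6,
        ("taskspace", "6.7 SP1"): 28, ("taskspace", "6.7 SP2"): 15,
    },
}

# Accepts the spellings used in the bulletin: "6.7 SP1 P28", "6.7SP2 P15", "7.1 P06".
_VERSION = re.compile(
    r"^\s*(\d+\.\d+)\s*(?:SP\s*(\d+))?\s*(?:P\s*(\d+))?\s*$", re.IGNORECASE)


def product_key(name):
    """Normalise 'EMC Documentum Webtop' / 'EMC WebTop' to 'webtop'."""
    key = re.sub(r"[^a-z]", "", name.lower())
    for prefix in ("emc", "documentum"):
        if key.startswith(prefix):
            key = key[len(prefix):]
    return key


def parse_version(text):
    """Return (release train, patch number); no patch suffix means patch 0."""
    m = _VERSION.match(text)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    base, sp, patch = m.groups()
    train = base if sp is None else f"{base} SP{int(sp)}"
    return train, int(patch or 0)


def unpatched(product, version):
    """Map each advisory still open for this install to the patch it needs."""
    key = product_key(product)
    train, patch = parse_version(version)
    listed = [a for a, table in FIXED.items() if (key, train) in table]
    if not listed:
        # Release trains the embedded tables do not name cannot be judged here.
        raise LookupError(f"{product} {train} is not in the embedded tables")
    return {a: FIXED[a][(key, train)] for a in listed
            if patch < FIXED[a][(key, train)]}


def required_patch(product, train):
    """Lowest patch level that closes every listed advisory at once."""
    key = product_key(product)
    return max(t[(key, train)] for t in FIXED.values() if (key, train) in t)


if __name__ == "__main__":
    # Constructed inventory, not taken from the bulletin.
    for product, version in [("EMC WebTop", "6.7 SP2 P14"),
                             ("EMC Documentum Administrator", "7.1 P06"),
                             ("EMC Task Space", "6.7SP1")]:
        print(product, version, "->", unpatched(product, version) or "patched")
```

A WebTop 6.7 SP2 install at P14 passes the ESA-2014-059 check but is still reported against ESA-2014-073.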