Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2017.2441
Dell EMC VNX Monitoring and Reporting Vulnerabilities
27 September 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Dell EMC VNX Monitoring and Reporting
Publisher: Zero Day Initiative
Operating System: Windows
Linux variants
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Denial of Service -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2017-8012 CVE-2017-8007
Original Bulletin:
http://www.zerodayinitiative.com/advisories/ZDI-17-826
http://www.zerodayinitiative.com/advisories/ZDI-17-827
Comment: This bulletin contains two (2) security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
Dell EMC VNX Monitoring and Reporting RMI Registry Deserialization of
Untrusted Data Denial of Service Vulnerability
ZDI-17-826: September 26th, 2017
CVE ID
CVE-2017-8012
CVSS Score
6.8, (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Affected Vendors
Dell EMC
Affected Products
VNX Monitoring and Reporting
Vulnerability Details
This vulnerability allows remote attackers to create a denial of service on
vulnerable installations of Dell EMC VNX Monitoring and Reporting. Although
authentication is required to exploit this vulnerability, the existing
authentication mechanism can be bypassed.
The specific flaw exists within an exposed RMI registry, which listens on TCP
port 52569 by default. The issue results from the lack of proper validation of
user-supplied data, which can result in deserialization of untrusted data. An
attacker can leverage this vulnerability to create a denial-of-service
condition to users of the system.
Vendor Response
Dell EMC has issued an update to correct this vulnerability. More details can
be found at:
http://seclists.org/fulldisclosure/2017/Sep/51
Disclosure Timeline
2017-05-09 - Vulnerability reported to vendor
2017-09-26 - Coordinated public release of advisory
Credit
This vulnerability was discovered by:
rgod
- ---
Dell EMC VNX Monitoring and Reporting Scheduler Directory Traversal Remote
Code Execution Vulnerability
ZDI-17-827: September 26th, 2017
CVE ID
CVE-2017-8007
CVSS Score
9, (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Affected Vendors
Dell EMC
Affected Products
VNX Monitoring and Reporting
TippingPoint(TM) IPS Customer Protection
TippingPoint IPS customers are protected against this vulnerability by Digital
Vaccine protection filter ID 28230. For further product information on the
TippingPoint IPS:
http://www.tippingpoint.com
Vulnerability Details
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Dell EMC VNX Monitoring and Reporting. Although
authentication is required to exploit this vulnerability, the existing
authentication mechanism can be bypassed.
The specific flaw exists within Scheduler.class. The issue results from the
lack of proper validation of a user-supplied path prior to using it in file
operations. An attacker can leverage this vulnerability to execute arbitrary
code under the context of SYSTEM.
Vendor Response
Dell EMC has issued an update to correct this vulnerability. More details can
be found at:
http://seclists.org/fulldisclosure/2017/Sep/51
Disclosure Timeline
2017-05-04 - Vulnerability reported to vendor
2017-09-26 - Coordinated public release of advisory
Credit
This vulnerability was discovered by:
rgod
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWcsRw4x+lLeg9Ub1AQiQAg/9F0NoDTybw9S6T4ezwtX8b6OsAhiex4HS
TjukE+/0E2iA3Ag9iap5CQ4rhIgPFW6sbdDKlvBmAqnMN/OJz0mHxYsKRWc8qezc
reYUeDYE4vGIbogOfXy8vSlr/H1EgT4a6184U2YusRQ8ht3gznv04DS4Ujb1TyIs
vv8nlrykQGLBTpqUEZ/PApFNa8Cu29qZEu3qAkV9NsKF7ABHpLRMQPGrMg37PLXz
tCuClcOu3cLB/36FUyGHzsq0pjyt/UbEvfGcG8GBHHthWCwkgCs3xnNxzoXl5Lbu
l7SyxNK6ufiV+qPNRH0Q0hUbJos7ptnlRHSD1skG6FyUo6syBWc2RC5Hsff+l/zv
3oB1zCnky3T1FrBEpdJxRM5BBz/rwuM+/MObnGdwR82cPjzvCkJPy0pWbHldbw6w
pssqoxBQCb5swxef9C1T+6j3JwglT0w+sGdIamgiih46ASYO1LxGZEmYNdQR8ZVd
2wbG9tFs2zioqma1GXvwUBgUZWDkqhjz9GIv0k0Ux+eolW9EylM6fLN5LLJpDAcf
oMu7st/wyC18V7AmcNYmaey6nkBkwVPF3gl6qQF6CroP5gry2uSiIviFK2iAEHHc
AQhHiZ+BzY0YRAsHMRnap8H4lnsrIWyxGBmG7XT+rMp47VdOThUCSEuagDsxHsiz
PM3+dbA4z5k=
=XW7y
-----END PGP SIGNATURE-----