EMC RecoverPoint command injection in SSH username

2018-07-05T00:00:00
ID SAINT:42B66F6BD777DC6CD34D8B75530C5CD7
Type saint
Reporter SAINT Corporation
Modified 2018-07-05T00:00:00

Description

Added: 07/05/2018
CVE: CVE-2018-1235
BID: 104246

Background

Dell EMC RecoverPoint is an application recovery solution.

Problem

A command injection vulnerability allows a remote attacker to execute arbitrary commands embedded in the username of an SSH authentication request.

Resolution

Upgrade to Dell EMC RecoverPoint for Virtual Machines 5.1.1.3 or later, or to Dell EMC RecoverPoint 5.1.2 or later.

References

<http://seclists.org/fulldisclosure/2018/May/61>
<https://www.foregenix.com/blog/foregenix-identify-multiple-dellemc-recoverpoint-zero-day-vulnerabilities>

Platforms

Linux