CVE-2017-8019

An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers MDM, SDS, and LIA could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation...

CVE-2017-8020

An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on an affected server...

CVE-2017-8001

An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the...

CVE-2017-8001

An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the...

CVE-2017-8001

CVE-2017-8001 affects EMC ScaleIO 2.0.1.x on Linux. A support script saves the ScaleIO MDM user’s credentials in clear text to temporary log files, which may be readable by an unprivileged user with server access. Root cause: credentials stored in clear text in temp files. Documented impact inclu...

CVE-2017-8020

CVE-2017-8020 affects EMC ScaleIO 2.0.1.x; a buffer overflow in the SDBG service may allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on the affected server. Connected documents corroborate the product/version and root cause (buffer overflow in SDBG), and...

CVE-2017-8019

CVE-2017-8019 affects EMC ScaleIO 2.0.1.x. A vulnerability in the message parsers used by MDM, SDS, and LIA could allow an unauthenticated remote attacker to send specially crafted packets to stop ScaleIO services, causing a denial-of-service. The issue is triggered by parsing crafted messages; n...

CVE-2017-8020

An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on an affected server...

CVE-2017-8019

An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers MDM, SDS, and LIA could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation...

EMC ScaleIO 2.0.1.x Buffer Overflow / Information Disclosure Vulnerabilities

EMC ScaleIO versions 2.0.1.3, 2.0.1.2, 2.0.1.1, and 2.0.1 suffer from information disclosure, denial of service, and buffer overflow vulnerabilities. ESA-2017-094: EMC ScaleIO Multiple Vulnerabilities EMC Identifier: ESA-2017-094 CVE Identifier: CVE-2017-8001, CVE-2017-8019, CVE-2017-8020 Severit...

EMC ScaleIO for Linux Information Disclosure Vulnerability

EMC ScaleIO for Linux is a software-defined solution for converting DAS storage to shared data block storage based on the Linux platform from EMC. An information disclosure vulnerability exists in EMC ScaleIO version 2.0.1.x for Linux-based platforms, which originates when the program saves the...

EMC ScaleIO Buffer Overflow Vulnerability

EMC ScaleIO is a software-defined solution for converting DAS storage to shared data block storage from EMC. A buffer overflow vulnerability exists in EMC ScaleIO version 2.0.1.x. A remote attacker could exploit this vulnerability to execute arbitrary commands with root privileges...

EMC ScaleIO MDM, SDS and LIA Denial of Service Vulnerabilities

EMC ScaleIO is a software-defined solution for converting DAS storage to shared data block storage from EMC Corporation, U.S.A. MDM, SDS, and LIA are among the message resolvers. A denial of service vulnerability exists in MDM, SDS, and LIA in EMC ScaleIO version 2.0.1.x. The vulnerability can be...

EMC ScaleIO Local Denial of Service Vulnerability

EMC ScaleIO is a software-defined solution that converts existing DAS storage to shared data block storage using the user's existing hardware or EMC servers. A local denial of service vulnerability exists in EMC ScaleIO. An attacker could exploit this vulnerability to cause a denial of service...

EMC ScaleIO Local Elevation of Privilege Vulnerability

EMC ScaleIO is a software-defined solution that converts existing DAS storage to shared data block storage using the user's existing hardware or EMC servers. A local elevation of privilege vulnerability exists in EMC ScaleIO. A local attacker could exploit this vulnerability to execute arbitrary...

EMC ScaleIO Denial of Service Vulnerability

EMC ScaleIO is a software-defined solution that converts existing DAS storage to shared data block storage using the user's existing hardware or EMC servers. A local denial of service vulnerability exists in EMC ScaleIO. An attacker could exploit this vulnerability to cause a denial of service...

Double free

An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO Data Client SDC server unavailable...

Code injection

An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client SDC servers...

Code injection

An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which may render the ScaleIO Data Client SDC server unavailable until the next reboot...

CVE-2016-9867

An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client SDC servers...