Vulners
Lucene search
EMC ScaleIO 2.0.1.x Buffer Overflow / Information Disclosure Vulnerabilities
| Reporter | Title | Published | Views | Family All 20 |
|---|---|---|---|---|
 | The vulnerability of the ScaleIO debugging storage network service of EMC allows a hacker to execute arbitrary commands. | 1 Feb 201800:00 | – | bdu_fstec |
 | EMC ScaleIO for Linux Information Disclosure Vulnerability | 22 Nov 201700:00 | – | cnvd |
| EMC ScaleIO MDM, SDS and LIA Denial of Service Vulnerabilities | 22 Nov 201700:00 | – | cnvd |
| EMC ScaleIO Buffer Overflow Vulnerability | 22 Nov 201700:00 | – | cnvd |
 | CVE-2017-8001 | 28 Nov 201707:00 | – | cve |
| CVE-2017-8019 | 28 Nov 201707:00 | – | cve |
| CVE-2017-8020 | 28 Nov 201707:00 | – | cve |
 | CVE-2017-8001 | 28 Nov 201707:00 | – | cvelist |
| CVE-2017-8019 | 28 Nov 201707:00 | – | cvelist |
| CVE-2017-8020 | 28 Nov 201707:00 | – | cvelist |
10
ESA-2017-094: EMC ScaleIO Multiple Vulnerabilities
EMC Identifier: ESA-2017-094
CVE Identifier: CVE-2017-8001, CVE-2017-8019, CVE-2017-8020
Severity Rating: CVSSv3 Base Score: See below for CVSS scores for individual CVEs
Affected products:
EMC ScaleIO 2.0.1.x version family (2.0.1.3, 2.0.1.2, 2.0.1.1, 2.0.1)
Summary:
EMC ScaleIO contains a number of vulnerabilities which could potentially be exploited by malicious users to compromise an affected system.
Details:
EMC ScaleIO contains the following vulnerabilities:
* Sensitive Information Disclosure (CVE-2017-8001)
In a Linux environment, one of the EMC ScaleIO support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials.
CVSSv3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
* Denial of Service (CVE-2017-8019)
A vulnerability in ScaleIO message parsers (MDM,SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause denial of service situation .
CVSSv3 Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
* ScaleIO Debugging (SDBG) Service Buffer Overflow CVE-2017-8020)
A buffer overflow vulnerability in ScaleIO SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on affected server.
CVSSv3 Base Score: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Resolution:
The following EMC ScaleIO release contains resolution to these vulnerabilities:
* EMC ScaleIO version 2.0.1.4
For CVE-2017-8001, EMC recommends all customers follow additional steps documented in knowledgebase article 503560.
Link to remedies:
Customers can download software from https://support.emc.com/downloads/33925_ScaleIO-Software.
Credit:
EMC would like to thank David Berard, from Ubisoft Security & Risk Management team, for reporting these vulnerabilities.
# 0day.today [2018-03-14] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
22 Nov 2017 00:00Current
8.4High risk
Vulners AI Score8.4
EPSS0.0859