
List:       full-disclosure
Subject:    [FD] DSA-2018-126: EMC ECS S3 Authentication Bypass Vulnerability
From:       EMC Product Security Response Center <Security_Alert () emc ! com>
Date:       2018-06-19 15:56:50
Message-ID: 1BF8853173D9704A93EF882F85952A894DE007 () MX304CL04 ! corp ! emc ! com

DSA-2018-126: EMC ECS S3 Authentication Bypass Vulnerability

Dell EMC Identifier: DSA-2018-126
CVE Identifier: CVE-2018-11052
Severity: Critical
Severity Rating: CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected products:
• Dell EMC ECS version 3.2.0.0
• Dell EMC ECS version 3.2.0.1

Summary:
Dell EMC ECS requires a security update to address an authentication bypass vulnerability that
can potentially be exploited by malicious users to compromise the affected ECS system.

Details:
Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A
remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects
by supplying specially crafted S3 requests.


Resolution:
The following Dell EMC ECS patch contains a resolution to this vulnerability:
• A patch to resolve this issue is now available for customers using ECS 3.2.0.0
  and ECS 3.2.0.1

Dell EMC recommends that all customers apply for the patch at the earliest opportunity by opening
a Dell EMC ECS service request. Future releases of Dell EMC ECS will contain this remediation.

Link to Request Patch:

Support.emc.com

[The following is standard text included in all security advisories. Please do not change or
delete.]

Read and use the information in this Dell EMC Security Advisory to assist in avoiding any
situation that might arise from the problems described herein. If you have any questions
regarding this product alert, contact Dell EMC Software Technical Support at 1-877-534-2867.

For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase solution emc218831.
Dell EMC recommends all customers take into account both the base score and any relevant
temporal and environmental scores which may impact the potential severity associated with
a particular security vulnerability.

Dell EMC recommends that all users determine the applicability of this information to their
individual situations and take appropriate action. The information set forth herein is provided
"as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or
implied, including the warranties of merchantability, fitness for a particular purpose, title
and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages
whatsoever including direct, indirect, incidental, consequential, loss of business profits or
special damages, even if Dell EMC or its suppliers have been advised of the possibility of such
damages. Some states do not allow the exclusion or limitation of liability for consequential or
incidental damages, so the foregoing limitation may not apply.
