| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Mar 2015 22:22:34 +0100 From: "Securify B.V." <lists@...urify.nl> To: fulldisclosure@...lists.org Subject: [FD] Command injection vulnerability in EMC Secure Remote Services Virtual Edition ------------------------------------------------------------------------ Command injection vulnerability in EMC Secure Remote Services Virtual Edition ------------------------------------------------------------------------ Han Sahin, November 2014 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A command injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to execute arbitrary system commands and take full control over ESRS VE. ------------------------------------------------------------------------ Affected versions ------------------------------------------------------------------------ EMC reports that the following versions are affected by this vulnerability: - EMC Secure Remote Services Virtual Edition 3.02 - EMC Secure Remote Services Virtual Edition 3.03 ------------------------------------------------------------------------ See also ------------------------------------------------------------------------ - CVE-2015-0525 - ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities ------------------------------------------------------------------------ Fix ------------------------------------------------------------------------ EMC released EMC Secure Remote Services Virtual Edition 3.04 that resolves this vulnerability. Registered EMC Online Support customers can download patches and software from support.emc.com at: EMC Secure Remote Services -> EMC Secure Remote Services Virtual Edition -> Downloads ------------------------------------------------------------------------ Details ------------------------------------------------------------------------ https://www.securify.nl/advisory/SFY20141112/command_injection_vulnerability_in_emc_secure_remote_services_virtual_edition.html _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists