[<prev] [next>] [day] [month] [year] [list]
Message-ID: <3f7ad3a3683640eea2591c6928462571@AUSX13MPS306.AMER.DELL.COM>
Date: Fri, 7 Sep 2018 12:14:35 +0000
From: <secure@...l.com>
To: <fulldisclosure@...lists.org>
Cc: secure@...l.com
Subject: [FD] DSA-2018-156: Dell EMC VPLEX Insecure File Permissions
vulnerability on Witness
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
DSA-2018-156: Dell EMC VPLEX Insecure File Permissions vulnerability on Witness
Dell EMC Identifier: DSA-2018-156
CVE Identifier: CVE-2018-11078
Severity: Medium
Severity Rating: CVSS v3 Base Score: 4.0 (AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N)
Affected products:
Only Witness
DELL EMC VPlex Software: GeoSynchrony all 5.4 versions
DELL EMC VPlex Software: GeoSynchrony all 5.5 versions
DELL EMC VPlex Software: GeoSynchrony all 6.0 versions
Summary:
VPlex Witness contains a fix for an Insecure File Permissions vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Details:
Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. A remote authenticated malicious user could read from VPN configuration files on and potentially author a MITM attack on the VPN traffic.
Resolution:
The following Dell EMC VPlex release contains resolutions to these vulnerabilities:
* Dell EMC VPlex GeoSynchrony version 6.1
Dell EMC recommends all customers upgrade at the earliest opportunity.
Link to remedies:
Please contact your local field representative to assist with the planning for the VPLEX upgrade which requires a Change Control Authorization (CCA).
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEP5nobPoCj3pTvhAZgSlofD2Yi6cFAluSaocACgkQgSlofD2Y
i6c7rxAAo2FBxnrffBEhFs+yysuesMxd8f1Qep+C3GDtH759hcFSmiRCg3CDDWNs
2yniNrQLwNBtM/9qh0NX4x63HxOVVOsC0a2g+oPMHQjN6W+1Ql0eBFkFoFwCQpIZ
+67znLrXaF4BMZJEF7nr9EZRkb/bUaR+mj7T1ih3dWKp+4jzNwqN/Cd+UL1QsqmE
C2Now1sQjzkH0RlTq4dp4Y4WpiuYpO1cF7yAlqNmxHhkQZjx9BKWZ+1gBVpAr1Ge
EeLkzcwtpayzM4XryZCvZjt2qA+GTxW/mRYOen62pKcWHjsNyALwqVWNshx2l27r
run8/tUVuD998Bzc6P6QyUkokY73cBgvGa7Ca5SAmlxTHra9kenaF/IOQfp1tzQK
mPW1esNalXP+HRRWIAFCC10F+H492OKsA4vUmJmks0oHQnLOTuzzQXCZWNh9zrLG
T3jW4d58NKV9oml/+9a7czOMsTHvNzd+powS6C7KZLo4ltwuynP1Akgtwj1Calvj
HRRRAhJEsG2w1AcfEB0SCr/JDP39S49nWgNWlhESjoPPyuWac9mH71EHQiIgPM+u
GBk14E3RCbxP136zxOgYibDI8Z3w+yWkTs2x4dYCsVB1igocSdzwZJxUrsUAv/B8
nMKoYU+zx/jsC3WEopu4hO361t/w368VAmPLZP6x29wFqUS9K2o=
=+3mo
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists