
ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and Information Disclosure Vulnerabilities




ESA-2014-028: EMC Cloud Tiering Appliance XML External Entity (XXE) and 
Information Disclosure Vulnerabilities 

EMC Identifier: ESA-2014-028

CVE Identifier: CVE-2014-0644, CVE-2014-0645

Severity Rating: CVSS v2 Base Score: See below for individual scores

Affected products:
- EMC Cloud Tiering Appliance (CTA) 10
- EMC Cloud Tiering Appliance (CTA) 10 SP1
- EMC Cloud Tiering Appliance (CTA) 9.x
- EMC File Management Appliance (FMA) 7.x

Summary: 
EMC CTA is vulnerable to XML External Entity (XXE) and information disclosure 
vulnerabilities that may allow a remote malicious user to compromise the 
affected system.

Details:
EMC CTA versions 10 and 10 SP1 are vulnerable to an XML External Entity (XXE)
attack (CVE-2014-0644), which may allow a remote unauthenticated user to read
arbitrary files on the affected system with root privileges. Exploit code that
exposes the password file has been made available to the public. This
vulnerability does not affect CTA 9.x or FMA 7.x.

CVSS 8.5 (AV:N/AC:L/Au:N/C:C/I:N/A:P)
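The XXE class described above, as an added example that is not EMC's code: a small Python intake function that refuses any DOCTYPE or external entity before the parser can touch the filesystem, which is the generic mitigation for this bug class. The sample documents and the file path in them are constructed placeholders.

```python
# Hardened XML intake that refuses DTD constructs before any file access.
# Added example (not EMC code): the generic mitigation for the XXE class
# behind CVE-2014-0644, where untrusted XML could declare external entities.
import xml.etree.ElementTree as ET
from xml.parsers import expat


class UnsafeXMLError(ValueError):
    """Untrusted document tried to use a DTD, or was malformed."""


def _reject_doctype(name, sysid, pubid, has_internal_subset):
    # Any DOCTYPE is refused: inline <!ENTITY ...> declarations and
    # external subsets (SYSTEM/PUBLIC ids) are both XXE vectors.
    raise UnsafeXMLError(f"DOCTYPE {name!r} not permitted in untrusted XML")


def _reject_external_entity(context, base, sysid, pubid):
    # Defence in depth: never dereference a SYSTEM/PUBLIC identifier.
    raise UnsafeXMLError(f"external entity {sysid!r} refused")


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse client-supplied XML into an Element, rejecting all DTD use."""
    builder = ET.TreeBuilder()
    p = expat.ParserCreate()
    p.StartDoctypeDeclHandler = _reject_doctype
    p.ExternalEntityRefHandler = _reject_external_entity
    p.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    p.StartElementHandler = builder.start
    p.EndElementHandler = builder.end
    p.CharacterDataHandler = builder.data
    try:
        p.Parse(data, True)
    except expat.ExpatError as exc:
        raise UnsafeXMLError(f"malformed XML: {exc}") from exc
    return builder.close()


def is_accepted(doc: bytes) -> bool:
    """True if the gate lets the document through, False if it is refused."""
    try:
        parse_untrusted_xml(doc)
    except UnsafeXMLError:
        return False
    return True


# Constructed sample inputs (not taken from the appliance or the exploit).
SAFE_DOC = b'<?xml version="1.0"?><job><src>/share/a</src></job>'
INLINE_ENTITY_DOC = (b'<?xml version="1.0"?><!DOCTYPE j [<!ENTITY x SYSTEM '
                     b'"file:///constructed/placeholder">]><j>&x;</j>')
EXTERNAL_DTD_DOC = b'<!DOCTYPE j SYSTEM "http://dtd.example.invalid/j.dtd"><j/>'
```

Because the refusal happens in the DOCTYPE callback, the parser never reaches the entity reference, so no file or URL is ever opened regardless of what the declaration points at.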

In addition, the default passwords for the built-in accounts ("root", "super",
"admin") are stored using weak DES encryption (CVE-2014-0644). This issue does
not affect passwords that were changed during installation or later use of the
product, nor the passwords of newly added accounts. This issue affects all
versions of CTA and FMA.

CVSS 6.6 (AV:L/AC:M/Au:S/C:C/I:C/A:C)

Resolution:
The following EMC CTA Hot Fixes contain a resolution to the XXE vulnerability:
- CTA 10.0 SP1 Hot Fix for ESA-2014-028
- CTA 10.0 Hot Fix for ESA-2014-028
EMC strongly recommends that all CTA 10.0 and 10.0 SP1 customers apply the Hot
Fixes above at the earliest opportunity.

EMC strongly recommends that all CTA and FMA customers change the default
passwords for all built-in users, namely the SSH users "root" and "super" and
the GUI "admin" account. See the CTA Getting Started Guide for information on
how to change passwords.

Link to remedies:

Customers with CTA 10.0 and CTA 10.0 SP1 can download the hotfix and 
instructions to apply the hotfix from the following Support Zone links.

10.0: 
https://download.emc.com/downloads/DL53068_CTA-10.0-Hot-Fix-for-ESA-2014-028.zip
10.0 SP1: 
https://download.emc.com/downloads/DL53069_CTA-10.0-SP1-Hot-Fix-for-ESA-2014-028.zip