EMC Celerra/VNX/VNXe Access Control Bug Lets Remote Authenticated Users Access Files/Directories
|
|
SecurityTracker Alert ID: 1027242 |
|
SecurityTracker URL: http://securitytracker.com/id/1027242
|
|
CVE Reference:
CVE-2012-2282
(Links to External Site)
|
Date: Jul 11 2012
|
Impact:
Disclosure of system information, Disclosure of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): Network Server 6.0.36.4 - 6.0.60.2
|
Description:
A vulnerability was reported in EMC Celerra/VNX/VNXe. A remote authenticated user can access files and directories on the target file system.
A remote authenticated user can bypass access controls an gain unauthorized access to distributed files and directories on the target NFS file system.
The following product versions are affected:
EMC Celerra Network Server versions 6.0.36.4 through 6.0.60.2
EMC VNX versions 7.0.12.0 through 7.0.53.1
EMC VNXe 2.0 (including SP1, SP2, and SP3)
EMC VNXe MR1 (including SP1, SP2, SP3, and SP3.1)
EMC VNXe MR2 (including SP0.1)
|
Impact:
A remote authenticated user can access files and directories on the target system.
|
Solution:
The vendor has issued a fix:
EMC Celerra Network Server Version 6.0.61.0
EMC VNX Operating Environment for File Version 7.0.53.2
EMC VNXe MR1 SP3.2 (2.1.3.19077)
EMC VNXe MR2 SP0.2 (2.2.0.19078)
|
Vendor URL: www.emc.com/ (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
