SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   EMC VPLEX Vendors:   EMC
EMC VPLEX GeoSynchrony Undocumented Account Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1034526
SecurityTracker URL:  http://securitytracker.com/id/1034526
CVE Reference:   CVE-2015-6850   (Links to External Site)
Updated:  Dec 22 2015
Original Entry Date:  Dec 22 2015
Impact:   Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): GeoSynchrony 5.4 SP1 P2 and prior, 5.5
Description:   A vulnerability was reported in EMC VPLEX GeoSynchrony. A local user can gain elevated privileges.

A local user can access an undocumented 'root' account to gain elevated privileges on the target system.

Impact:   A local user can gain root privileges on the target system.
Solution:   The vendor has described a fix (Advisory ESA-2015-174) [quoted]:

"Upgrade the VPLEX GeoSynchrony to versions 5.4 SP1 P3 or 5.5 Patch 1.

Once you have upgraded to 5.4 SP1 P3 or 5.5 Patch 1, customers must follow the instructions in the KB Article 211258 (https://support.emc.com/kb/211258), How to change default password for EMC VPLEX root account, to change default "root" password.

Note: VS1 customers cannot upgrade to 5.5 Patch 1, since only VS2 hardware is capable of running 5.5 Patch 1. VS1 customers must upgrade to 5.4 SP1 P3, and VS2 customers can go to either 5.4 SP1 P3, or 5.5 Patch 1.


Vendor URL:  www.emc.com/ (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC