You are here

U-211: EMC Celerra/VNX/VNXe Access Control Bug Lets Remote Authenticated Users Access Files/Directories

July 12, 2012 - 7:00am

Addthis

PROBLEM:

EMC Celerra/VNX/VNXe Access Control Bug Lets Remote Authenticated Users Access Files/Directories

PLATFORM:

EMC Celerra Network Server versions 6.0.36.4 through 6.0.60.2
EMC VNX versions 7.0.12.0 through 7.0.53.1
EMC VNXe 2.0 (including SP1, SP2, and SP3)
EMC VNXe MR1 (including SP1, SP2, SP3, and SP3.1)
EMC VNXe MR2 (including SP0.1)

ABSTRACT:

A vulnerability was reported in EMC Celerra/VNX/VNXe. A remote authenticated user can access files and directories on the target file system.

reference LINKS:

The Vendor's Advisory
SecurityTracker Alert ID: 1027242
EMC Identifier: ESA-2012-027
CVE-2012-2282

IMPACT ASSESSMENT:

High

Discussion:

In certain circumstances, NFS v2/3/4 clients with network access to exported file systems may be able to gain unauthorized access to files or directories in that file system due to access control issues.

Impact:

A remote authenticated user can access files and directories on the target system.

Solution:

The vendor has issued a fix.
EMC Celerra Network Server Version 6.0.61.0
EMC VNX Operating Environment for File Version 7.0.53.2
EMC VNXe MR1 SP3.2 (2.1.3.19077)
EMC VNXe MR2 SP0.2 (2.2.0.19078)

Addthis