Multiple vulnerabilities in Dell PowerScale OneFS



Published: 2022-09-23
Risk: Low
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2019-18276, CVE-2019-9924, CVE-2016-9401, CVE-2016-7543
CWE-ID: CWE-273, CWE-20, CWE-416, CWE-77
Exploitation vector: Local
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software: PowerScale OneFS (Hardware solutions / Firmware)
Vendor: Dell

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Improper Check for Dropped Privileges

EUVDB-ID: #VU24690

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-18276

CWE-ID: CWE-273 - Improper Check for Dropped Privileges

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in the "disable_priv_mode()" function in shell.c because the affected software attempts to drop privileges but does not check, or incorrectly checks, whether the drop succeeded. A local user with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges.
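
The check that CWE-273 describes as missing, shown as an added C example (not code from bash, Dell or this bulletin): a privilege drop that verifies the resulting IDs and confirms the old ones cannot be restored by a later setuid-family call. The names `drop_privileges` and `enum drop_result` are hypothetical, and supplementary groups are assumed to be handled elsewhere.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes so the caller can tell which check failed. */
enum drop_result { DROP_OK = 0, DROP_CALL_FAILED, DROP_IDS_WRONG, DROP_REGAINABLE };

/*
 * Permanently switch to (uid, gid) and verify the switch.
 * The group is changed first: once the user ID is dropped, the process
 * may no longer be permitted to change its group IDs.
 * Supplementary groups (setgroups) are outside the scope of this example.
 */
enum drop_result drop_privileges(uid_t uid, gid_t gid)
{
    uid_t old_euid = geteuid();
    gid_t old_egid = getegid();

    /* Setting real and effective IDs together also replaces the saved ID
       on Linux; the regain test below covers platforms where it does not. */
    if (setregid(gid, gid) != 0 || setreuid(uid, uid) != 0)
        return DROP_CALL_FAILED;

    /* Check 1: the IDs are the requested ones, not merely "call returned 0". */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return DROP_IDS_WRONG;

    /* Check 2: the old IDs must be unreachable. If a saved ID survived,
       these calls succeed, and so would the same call made by any code
       loaded into the process afterwards. */
    if (old_egid != gid && setegid(old_egid) == 0)
        return DROP_REGAINABLE;
    if (old_euid != uid && seteuid(old_euid) == 0)
        return DROP_REGAINABLE;

    return DROP_OK;
}

int main(void)
{
    /* Typical use in a set-uid program: fall back to the invoking user. */
    enum drop_result r = drop_privileges(getuid(), getgid());
    if (r != DROP_OK) {
        fprintf(stderr, "privilege drop failed (code %d)\n", (int)r);
        return 1; /* fail closed instead of continuing with stale IDs */
    }
    puts("privileges dropped and verified");
    return 0;
}
```

Any result other than `DROP_OK` should terminate the program, since in the `DROP_REGAINABLE` case the process is again running with the old effective ID.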

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: 9.1.0.0 - 9.4.0.3


External links

http://www.dell.com/support/kbdoc/nl-nl/000202887/dsa-2022-215-dell-emc-powerscale-onefs-security-update-for-multiple-third-party-component-vulnerabilities


2) Input validation error

EUVDB-ID: #VU21785

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-9924

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists because "rbash" does not prevent the shell user from modifying BASH_CMDS. A local authenticated user can execute any command with the permissions of the shell.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: 9.1.0.0 - 9.4.0.3


External links

http://www.dell.com/support/kbdoc/nl-nl/000202887/dsa-2022-215-dell-emc-powerscale-onefs-security-update-for-multiple-third-party-component-vulnerabilities


3) Use-after-free

EUVDB-ID: #VU33511

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2016-9401

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: 9.1.0.0 - 9.4.0.3


External links

http://www.dell.com/support/kbdoc/nl-nl/000202887/dsa-2022-215-dell-emc-powerscale-onefs-security-update-for-multiple-third-party-component-vulnerabilities


4) Command injection

EUVDB-ID: #VU13104

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2016-7543

CWE-ID: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary commands on the target system.

The weakness exists due to insufficient validation of user-supplied input. A local attacker can supply specially crafted SHELLOPTS and PS4 environment variables to inject and execute arbitrary commands with root privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: 9.1.0.0 - 9.4.0.3


External links

http://www.dell.com/support/kbdoc/nl-nl/000202887/dsa-2022-215-dell-emc-powerscale-onefs-security-update-for-multiple-third-party-component-vulnerabilities



