Information disclosure in Dell EMC Isilon OneFS



Published: 2022-11-04
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2019-5601
CWE-ID CWE-200
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		EMC Isilon OneFS
Client/Desktop applications / Software for system administration

Vendor Dell

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Information disclosure

EUVDB-ID: #VU35767

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5601

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding.

Mitigation

Install update from vendor's website.

Vulnerable software versions

EMC Isilon OneFS: before 8.2.1

External links

http://www.dell.com/support/kbdoc/en-us/000153864/dsa-2019-150-dell-emc-isilon-onefs-security-update-for-unix-file-system-ufs-and-fast-file-system-ffs-kernel-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###