Multiple vulnerabilities in Dell EMC Unisphere Central



Risk: High

Patch available: YES

Number of vulnerabilities: 30

CVE-ID: CVE-2018-1000007, CVE-2017-0739, CVE-2018-11236, CVE-2017-15804, CVE-2017-15671, CVE-2017-15670, CVE-2017-12133, CVE-2015-5180, CVE-2018-16842, CVE-2018-16840, CVE-2018-14618, CVE-2018-1000301, CVE-2018-1000122, CVE-2018-1000121, CVE-2018-1000120, CVE-2017-1000254, CVE-2016-8619, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8620, CVE-2017-1000100, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-9586, CVE-2017-7407

CWE-ID: CWE-200, CWE-119, CWE-120, CWE-401, CWE-416, CWE-476, CWE-122, CWE-126, CWE-125, CWE-415, CWE-191, CWE-254, CWE-255, CWE-787, CWE-601, CWE-20

Exploitation vector: Network

Public exploit: Public exploit code for vulnerability #28 is available.

Vulnerable software: Dell EMC Unisphere Central (Server applications / Other server solutions)

Vendor: Dell

Security Bulletin

This security bulletin contains information about 30 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU10224

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1000007

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can send custom headers in an HTTP request and an HTTP 30X redirect response code, cause the application to send the custom headers to the server specified in the 'Location:' response header and obtain potentially sensitive authentication information from applications that use custom 'Authorization:' headers.
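One way a client can avoid this leak, as an added example (not code from curl or from the vendor advisory): forward a caller-supplied 'Authorization:' header across a 30X redirect only when the 'Location:' target has the same scheme, host and port as the original request. All function names, URLs and header values below are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

struct origin { char scheme[16]; char host[256]; int port; };

/* Copy n bytes of src into dst in lower case and NUL-terminate. */
static void copy_lower(char *dst, const char *src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = (char)tolower((unsigned char)src[i]);
    dst[n] = '\0';
}

/* Parse "scheme://host[:port]..." into *o; 0 on success, -1 on error.
 * Userinfo and IPv6 literals are rejected to keep the example small. */
static int parse_origin(const char *url, struct origin *o)
{
    const char *sep = strstr(url, "://");
    if (!sep || sep == url || (size_t)(sep - url) >= sizeof o->scheme)
        return -1;
    copy_lower(o->scheme, url, (size_t)(sep - url));
    const char *auth = sep + 3;
    size_t alen = strcspn(auth, "/?#");  /* authority ends at path, query or fragment */
    if (alen == 0 || memchr(auth, '@', alen) || auth[0] == '[')
        return -1;
    const char *colon = memchr(auth, ':', alen);
    size_t hlen = colon ? (size_t)(colon - auth) : alen;
    if (hlen == 0 || hlen >= sizeof o->host)
        return -1;
    copy_lower(o->host, auth, hlen);
    if (!colon) {                        /* default ports for the two HTTP schemes */
        o->port = strcmp(o->scheme, "https") == 0 ? 443
                : strcmp(o->scheme, "http") == 0 ? 80 : 0;
        return 0;
    }
    const char *p = colon + 1, *end = auth + alen;
    if (p == end)
        return -1;
    o->port = 0;
    for (; p < end; p++) {
        if (!isdigit((unsigned char)*p))
            return -1;
        o->port = o->port * 10 + (*p - '0');
        if (o->port > 65535)
            return -1;
    }
    return 0;
}

/* Fail closed: a URL that does not parse is treated as a different origin.
 * A relative Location must be resolved against the request URL before this call. */
static int same_origin(const char *a, const char *b)
{
    struct origin oa, ob;
    if (parse_origin(a, &oa) != 0 || parse_origin(b, &ob) != 0)
        return 0;
    return strcmp(oa.scheme, ob.scheme) == 0 &&
           strcmp(oa.host, ob.host) == 0 && oa.port == ob.port;
}

/* Header names are case-insensitive; only the header named above is listed. */
static int is_credential_header(const char *h)
{
    return strncasecmp(h, "Authorization:", 14) == 0;
}

/* Copy into out[] the headers that may follow the redirect; returns the count. */
static size_t headers_for_redirect(const char *from, const char *location,
                                   const char *const *hdrs, size_t n,
                                   const char **out)
{
    int keep_creds = same_origin(from, location);
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (keep_creds || !is_credential_header(hdrs[i]))
            out[kept++] = hdrs[i];
    return kept;
}

/* Constructed sample request headers. */
static const char *const SAMPLE_HEADERS[] = {
    "Accept: application/json", "Authorization: Bearer constructed-token", "X-Trace: 1"
};

static size_t forwarded_count(const char *from, const char *location)
{
    const char *out[3];
    return headers_for_redirect(from, location, SAMPLE_HEADERS, 3, out);
}

int main(void)
{
    const char *from = "https://api.example.test/v1/items";
    printf("same origin:  %zu headers forwarded\n",
           forwarded_count(from, "https://api.example.test/v2/items"));
    printf("cross origin: %zu headers forwarded\n",
           forwarded_count(from, "https://other.example.test/collect"));
    return 0;
}
```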

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU38481

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0739

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An information disclosure vulnerability exists in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37712181.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory corruption

EUVDB-ID: #VU13011

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-11236

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists in the stdlib/canonicalize.c source code in the GNU glibc library due to improper processing of long pathname arguments to the realpath function. A local unauthenticated attacker can send long pathname arguments to a targeted system that is using a 32-bit architecture, trigger an integer overflow condition that can lead to a stack-based buffer overflow condition and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU11546

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15804

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the glob function in glob.c due to buffer overflow during unescaping of user names with the ~ operator. A remote attacker can trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory leak

EUVDB-ID: #VU11545

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15671

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the glob function in glob.c because it skips freeing allocated memory when processing the ~ operator with a long user name when invoked with GLOB_TILDE. A remote attacker can trigger memory corruption and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory corruption

EUVDB-ID: #VU11544

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15670

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code with elevated privileges on the target system.

The weakness exists in the glob function in glob.c due to off-by-one error. A remote attacker can trigger heap-based buffer overflow and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free error

EUVDB-ID: #VU11787

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12133

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the DNS stub resolver because, when EDNS support is enabled, it solicits large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. A remote attacker can trigger use after free and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) NULL pointer dereference

EUVDB-ID: #VU12269

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-5180

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in res_query in libresolv due to NULL pointer dereference. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Heap-based buffer overflow

EUVDB-ID: #VU15673

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16842

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to heap-based buffer over-read in the tool_msgs.c:voutf() function. A remote unauthenticated attacker can send specially crafted data, trigger memory corruption to read back out-of-buffer data and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free error

EUVDB-ID: #VU15672

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16840

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to a use-after-free error in closing an easy handle in the 'Curl_close()' function. A remote unauthenticated attacker can send specially crafted data, trigger memory corruption and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer overflow

EUVDB-ID: #VU14691

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14618

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists on systems with a 32-bit size_t and that use more than 2 GB of memory for the password field due to a buffer overflow in Curl_ntlm_core_mk_nt_hash() in 'lib/curl_ntlm_core.c' when handling malicious input. A remote unauthenticated attacker can send a specially crafted NTLM authentication password, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Heap-based buffer over-read

EUVDB-ID: #VU12800

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1000301

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information and cause DoS condition on the target system.

The weakness exists due to heap-based buffer over-read. When servers send RTSP responses back to curl, the data starts out with a set of headers. curl parses that data to separate it into a number of headers to deal with those appropriately and to find the end of the headers that signal the start of the "body" part. The function that splits up the response into headers is called Curl_http_readwrite_headers() and in situations where it can't find a single header in the buffer, it might end up leaving a pointer pointing into the buffer instead of to the start of the buffer which then later on may lead to an out of buffer read when code assumes that pointer points to a full buffer size worth of memory to use. A remote attacker can gain access to potentially sensitive information and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Buffer over-read

EUVDB-ID: #VU11108

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1000122

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition.

The weakness exists due to buffer over-read. A remote attacker can cause the target application to trigger a buffer copy error in processing RTSP URLs and cause the application to crash or access potentially sensitive information on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Null pointer dereference

EUVDB-ID: #VU11105

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1000121

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to NULL pointer dereference in ldap_get_attribute_ber(). A remote attacker can return a specially crafted redirect to an LDAP URL, trigger NULL pointer dereference and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Heap-based buffer overflow

EUVDB-ID: #VU11111

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1000120

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow. A remote attacker that can control the paths that curl uses for FTP can create specially crafted path names containing the control characters '%00', trigger memory corruption and execute arbitrary code.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU8702

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-1000254

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read when parsing a directory name when connecting to an FTP server. A remote attacker can trigger memory corruption, access arbitrary files and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Double Free

EUVDB-ID: #VU33018

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-8619

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Arbitrary code execution

EUVDB-ID: #VU655

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-7167

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to integer overflow. Passing a specially crafted length parameter value to certain libcurl functions allows attackers to obtain potentially sensitive information and execute arbitrary code.

Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Security Features

EUVDB-ID: #VU33010

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-8615

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Credentials management

EUVDB-ID: #VU33011

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-8616

CWE-ID: CWE-255 - Credentials Management

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case-insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.
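The comparison flaw described above, shown as an added example with the case-insensitive match beside an exact one (this is not curl's connection cache code; the pool layout, function names, host and credentials are constructed for illustration):

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

/* One cached connection whose credentials are bound to the connection itself. */
struct cached_conn {
    const char *host;
    const char *user;
    const char *passwd;
    int in_use;
};

typedef int (*cred_equal_fn)(const char *, const char *);

/* Behaviour described in the advisory: case is ignored when matching. */
static int equal_ignoring_case(const char *a, const char *b)
{
    return strcasecmp(a, b) == 0;
}

/* Corrected behaviour: credentials must match byte for byte. */
static int equal_exact(const char *a, const char *b)
{
    return strcmp(a, b) == 0;
}

/* Return the index of an idle connection that may be reused for this
 * host and credential pair, or -1 if a new connection must be opened.
 * Host names are compared without regard to case; credentials are
 * compared with the supplied policy. */
static int find_reusable(const struct cached_conn *pool, size_t n,
                         const char *host, const char *user,
                         const char *passwd, cred_equal_fn same)
{
    for (size_t i = 0; i < n; i++) {
        if (pool[i].in_use)
            continue;
        if (strcasecmp(pool[i].host, host) != 0)
            continue;
        if (same(pool[i].user, user) && same(pool[i].passwd, passwd))
            return (int)i;
    }
    return -1;
}

/* Constructed pool: entry 1 is idle and already authenticated. */
static const struct cached_conn POOL[] = {
    { "ftp.example.test", "audit",  "Other-Pass",  1 },
    { "ftp.example.test", "backup", "S3cret-Pass", 0 },
};
#define POOL_LEN (sizeof POOL / sizeof POOL[0])

int main(void)
{
    /* The second caller supplies the password in the wrong case. */
    printf("case-insensitive match: slot %d\n",
           find_reusable(POOL, POOL_LEN, "ftp.example.test", "backup",
                         "s3cret-pass", equal_ignoring_case));
    printf("exact match:            slot %d\n",
           find_reusable(POOL, POOL_LEN, "ftp.example.test", "backup",
                         "s3cret-pass", equal_exact));
    return 0;
}
```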

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds write

EUVDB-ID: #VU33012

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-8617

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

The base64 encode function in curl before version 7.51.0 is prone to a buffer being under-allocated on 32-bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Double Free

EUVDB-ID: #VU33017

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-8618

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds read

EUVDB-ID: #VU33019

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-8620

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Open redirect

EUVDB-ID: #VU7884

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-1000100

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: No

Description

The vulnerability allows a remote attacker to redirect website visitors to external websites.

The weakness exists due to incorrect validation of redirected URL. A remote attacker can redirect the target user's curl request to a TFTP URL with a long filename to cause the target user's curl application to send portions of system memory.

Successful exploitation of the vulnerability results in information disclosure.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Out-of-bounds read

EUVDB-ID: #VU33020

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-8621

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out-of-bounds read if it receives an input that is one digit short.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Out-of-bounds write

EUVDB-ID: #VU33021

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-8622

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate an unescape destination buffer larger than 2GB, it would return that new length in a signed 32-bit integer variable, so the length would be either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap-based buffer.
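The length narrowing described above, as an added example (not libcurl's code): a small percent-decoder that tracks its output length as `size_t`, a helper that computes what a signed 32-bit field would hold after an unchecked store, and a wrapper that refuses lengths that do not fit in an `int`. All function names are constructed for illustration, and the oversized lengths are simulated as numbers rather than allocated.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode %XX sequences. Returns a malloc'd, NUL-terminated buffer and
 * stores the true decoded length in *olen; invalid escapes are copied as is. */
static char *unescape(const char *in, size_t inlen, size_t *olen)
{
    if (inlen == SIZE_MAX)               /* inlen + 1 would wrap to 0 */
        return NULL;
    char *out = malloc(inlen + 1);       /* output is never longer than input */
    if (!out)
        return NULL;
    size_t o = 0;
    for (size_t i = 0; i < inlen; i++) {
        int hi = -1, lo = -1;
        if (in[i] == '%' && inlen - i > 2) {
            hi = hexval((unsigned char)in[i + 1]);
            lo = hexval((unsigned char)in[i + 2]);
        }
        if (hi >= 0 && lo >= 0) {
            out[o++] = (char)(hi * 16 + lo);
            i += 2;
        } else {
            out[o++] = in[i];
        }
    }
    out[o] = '\0';
    *olen = o;
    return out;
}

/* Value a signed 32-bit length field holds after an unchecked store of len.
 * The two's-complement wrap is computed explicitly so the result is well defined. */
static long long narrow_unchecked(unsigned long long len)
{
    uint32_t low = (uint32_t)len;        /* upper bits are dropped */
    return low > (uint32_t)INT32_MAX ? (long long)low - 4294967296LL
                                     : (long long)low;
}

/* Checked narrowing: the length as an int, or -1 if it does not fit. */
static int narrow_checked(size_t len)
{
    return len > (size_t)INT_MAX ? -1 : (int)len;
}

/* Decode s and report the length through an int, failing instead of
 * truncating. Returns -1 on allocation failure or oversized output. */
static int decoded_len(const char *s)
{
    size_t n = 0;
    char *p = unescape(s, strlen(s), &n);
    if (!p)
        return -1;
    free(p);
    return narrow_checked(n);
}

int main(void)
{
    printf("2 GiB stored unchecked     -> %lld\n", narrow_unchecked(2147483648ULL));
    printf("4 GiB + 5 stored unchecked -> %lld\n", narrow_unchecked(4294967301ULL));
    printf("decoded_len(\"a%%20b\")      -> %d\n", decoded_len("a%20b"));
    return 0;
}
```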

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

CPE2.3 External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU33013

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-8623

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

CPE2.3 External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) URL redirection

EUVDB-ID: #VU1144

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2016-8624

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform phishing attacks.

The vulnerability is caused by an error when parsing a URL. A remote attacker can supply a link whose hostname ends with a "#" character and cause the libcurl client to redirect to the host specified after the "#" character.

Exploit example:

http://example.com#@evilsite.com/1.txt

The above URL forces the libcurl client to connect to the evilsite.com host instead of example.com.

The vulnerability allows an attacker to perform phishing attacks by tricking victims into connecting to an untrusted host.
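A simplified model of the host confusion described above, as an added example that is not libcurl's code: the same host extractor is run once without "#" as an authority delimiter and once with the RFC 3986 delimiters, and a URL is flagged when the two results differ. The names `extract_host`, `DELIMS_LENIENT`, `DELIMS_RFC3986` and `url_host_ambiguous` are hypothetical, and modelling the flaw as a missing "#" delimiter is an assumption made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DELIMS_LENIENT "/?"    /* model of the flaw: '#' does not end the authority */
#define DELIMS_RFC3986 "/?#"   /* RFC 3986: the authority ends at '/', '?' or '#' */

/* Copy the host of `url` into `host`, ending the authority component at the
 * first character found in `delims`. Returns 0 on success, -1 on failure.
 * Bracketed IPv6 literals are not handled in this sketch. */
static int extract_host(const char *url, const char *delims,
                        char *host, size_t hostsz)
{
    const char *auth = strstr(url, "://");
    if (auth == NULL)
        return -1;
    auth += 3;
    size_t authlen = strcspn(auth, delims);
    size_t start = 0, hostlen = 0;
    for (size_t i = 0; i < authlen; i++)    /* userinfo ends at the last '@' */
        if (auth[i] == '@')
            start = i + 1;
    while (start + hostlen < authlen && auth[start + hostlen] != ':')
        hostlen++;                          /* stop at an optional ":port" */
    if (hostlen == 0 || hostlen >= hostsz)
        return -1;
    memcpy(host, auth + start, hostlen);
    host[hostlen] = '\0';
    return 0;
}

/* 1 if the URL is malformed or the two parsers disagree about the host. */
static int url_host_ambiguous(const char *url)
{
    char a[256], b[256];
    if (extract_host(url, DELIMS_LENIENT, a, sizeof a) != 0 ||
        extract_host(url, DELIMS_RFC3986, b, sizeof b) != 0)
        return 1;
    return strcmp(a, b) != 0;
}

int main(void)
{
    /* URL quoted in the bulletin */
    const char *url = "http://example.com#@evilsite.com/1.txt";
    char a[256] = "", b[256] = "";
    extract_host(url, DELIMS_LENIENT, a, sizeof a);
    extract_host(url, DELIMS_RFC3986, b, sizeof b);
    printf("lenient=%s strict=%s ambiguous=%d\n", a, b, url_host_ambiguous(url));
    return 0;
}
```

An allow-list check on outbound URLs can call `url_host_ambiguous` first and reject any URL on which the two readings disagree before comparing the host against the list.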

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

CPE2.3 External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

29) Buffer overflow

EUVDB-ID: #VU33022

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-9586

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If any application accepts a format string from the outside without the necessary input filtering, it could allow remote attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

CPE2.3 External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Buffer overflow

EUVDB-ID: #VU33154

Risk: Low

CVSSv3.1: 2.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7407

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC Unisphere Central: before 4.0.8.23220

CPE2.3 External links

http://www.dell.com/support/kbdoc/en-us/000153792/dsa-2019-114-dell-emc-unisphere-central-security-update-for-multiple-embedded-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


