Multiple vulnerabilities in Dell EMC Unity Family



Updated: 2023-03-09
Risk: High
Patch available: YES
Number of vulnerabilities: 61
CVE-ID: CVE-2018-1122
CVE-2018-18501
CVE-2018-18505
CVE-2019-8936
CVE-2018-15473
CVE-2018-15919
CVE-2018-20685
CVE-2019-6109
CVE-2019-6110
CVE-2019-6111
CVE-2016-8610
CVE-2018-0734
CVE-2018-5407
CVE-2018-19788
CVE-2018-1123
CVE-2018-18498
CVE-2018-1124
CVE-2018-1125
CVE-2018-1126
CVE-2018-14647
CVE-2019-5010
CVE-2017-7500
CVE-2017-7501
CVE-2013-2131
CVE-2018-20346
CVE-2018-20506
CVE-2018-15686
CVE-2018-16864
CVE-2018-16865
CVE-2019-6454
CVE-2018-18500
CVE-2018-18494
CVE-2018-20217
CVE-2018-17199
CVE-2019-0217
CVE-2019-0220
CVE-2018-1336
CVE-2018-8014
CVE-2018-8034
CVE-2018-11784
CVE-2019-9924
CVE-2018-16890
CVE-2019-3822
CVE-2019-3823
CVE-2017-5436
CVE-2019-3855
CVE-2018-18493
CVE-2019-3856
CVE-2019-3857
CVE-2019-3858
CVE-2019-3859
CVE-2019-3860
CVE-2019-3861
CVE-2019-3862
CVE-2019-3863
CVE-2018-0495
CVE-2018-12384
CVE-2018-12404
CVE-2018-12405
CVE-2018-17466
CVE-2018-18492
CWE-ID: CWE-264
CWE-119
CWE-476
CWE-388
CWE-200
CWE-284
CWE-451
CWE-20
CWE-208
CWE-77
CWE-120
CWE-190
CWE-121
CWE-611
CWE-59
CWE-134
CWE-89
CWE-416
CWE-617
CWE-362
CWE-835
CWE-601
CWE-125
CWE-787
CWE-300
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #5 is available.
Public exploit code for vulnerability #9 is available.
Public exploit code for vulnerability #10 is available.
Public exploit code for vulnerability #13 is available.
Public exploit code for vulnerability #14 is available.
Public exploit code for vulnerability #15 is available.
Public exploit code for vulnerability #17 is available.
Public exploit code for vulnerability #18 is available.
Public exploit code for vulnerability #19 is available.
Public exploit code for vulnerability #21 is available.
Public exploit code for vulnerability #24 is available.
Public exploit code for vulnerability #28 is available.
Public exploit code for vulnerability #29 is available.
Public exploit code for vulnerability #40 is available.
Public exploit code for vulnerability #42 is available.
Public exploit code for vulnerability #43 is available.
Public exploit code for vulnerability #44 is available.
Public exploit code for vulnerability #56 is available.
Public exploit code for vulnerability #58 is available.
Vulnerable software
Dell EMC UnityVSA Operating Environment (OE)
Hardware solutions / Other hardware appliances

Dell EMC Unity Operating Environment (OE)
Hardware solutions / Other hardware appliances

Vendor: Dell

Security Bulletin

This security bulletin contains information about 61 vulnerabilities.

1) Privilege escalation

EUVDB-ID: #VU12975

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-1122

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists because top reads its configuration file from the current working directory, without any security check, if the HOME environment variable is unset or empty. A local attacker can exploit one of several vulnerabilities in top's config_file() function, execute top in /tmp (for example) and gain elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Buffer overflow

EUVDB-ID: #VU17262

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18501

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU17263

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18505

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass imposed sandbox restrictions.

The vulnerability exists within the implementation of the authentication process for Inter-process Communication (IPC). This authentication is insufficient for channels created after the IPC process is started, so authentication is not correctly applied to later channels. A remote attacker can bypass sandbox restrictions through IPC channels due to lack of message validation in the listener process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU20339

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8936

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when processing authenticated mode 6 packets. A remote attacker can send a malicious authenticated mode 6 (ntpq) packet from a permitted network address, trigger a NULL pointer dereference error and crash ntpd.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) User enumeration

EUVDB-ID: #VU14440

Risk: Medium

CVSSv3.1: 5.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:F/RL:O/RC:C]

CVE-ID: CVE-2018-15473

CWE-ID: CWE-388 - Error Handling

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to enumerate all accounts on the system.

The vulnerability exists due to a logical error in the auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c files when processing authentication requests. A remote attacker can send a specially crafted chain of packets and monitor the behavior of the OpenSSH server to determine the presence of a valid username. The server will drop the connection upon receiving a malformed authentication packet if the username is valid.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

6) Information disclosure

EUVDB-ID: #VU14548

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-15919

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to insufficient validation of an authentication request packet when the Guide Star Server II (GSS2) component is used. A remote attacker can send an authentication request packet and access sensitive information, such as valid usernames.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Security restrictions bypass

EUVDB-ID: #VU16946

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-20685

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to improper validation of filenames by the scp.c source code file in the SCP client. A remote unauthenticated attacker can trick the victim into accessing a file with a filename of "." or an empty filename from an attacker-controlled Secure Shell (SSH) server to bypass access restrictions on the system, which could be used to conduct further attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Spoofing attack

EUVDB-ID: #VU16990

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-6109

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct a spoofing attack on the target system.

The weakness exists due to accepting and displaying arbitrary stderr output from the scp server by the scp client. A malicious SCP server can use the object name to manipulate the client output, for example to employ ANSI codes to hide additional files being transferred.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Spoofing attack

EUVDB-ID: #VU16989

Risk: Low

CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-6110

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to conduct a spoofing attack on the target system.

The weakness exists due to missing character encoding in the progress display by the scp client. A malicious SCP server can use the object name to manipulate the client output, for example to employ ANSI codes to hide additional files being transferred.


Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) Security restrictions bypass

EUVDB-ID: #VU16988

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-6111

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to missing validation of received object names by the scp client. A malicious SCP server can overwrite arbitrary files in the SCP client target directory. If a recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example overwrite .ssh/authorized_keys).
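
The client-side checks that the scp entries above (7 to 10) describe as missing, sketched as an added example; this is not OpenSSH's code, and the names check_received_name and display_name and all sample inputs are constructed for illustration. It assumes the client knows the basename or glob the user requested.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

enum name_verdict {
    NAME_OK = 0,
    NAME_EMPTY,         /* empty object name */
    NAME_DOT,           /* "." or "..": refers to the target directory itself */
    NAME_HAS_SLASH,     /* would escape the target directory */
    NAME_NOT_REQUESTED  /* server sent something the user did not ask for */
};

/*
 * Decide whether an object name announced by the server may be created in
 * the client's target directory. `requested` is the basename (or glob) the
 * user asked for; it is an assumption of this sketch that the client has it.
 */
enum name_verdict check_received_name(const char *name, const char *requested)
{
    if (name == NULL || name[0] == '\0')
        return NAME_EMPTY;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return NAME_DOT;
    if (strchr(name, '/') != NULL)
        return NAME_HAS_SLASH;
    /* FNM_PERIOD: a wildcard must not match a leading dot, as in a shell. */
    if (fnmatch(requested, name, FNM_PERIOD) != 0)
        return NAME_NOT_REQUESTED;
    return NAME_OK;
}

/*
 * Return a copy of `name` that is safe to print on a terminal: every byte
 * outside printable ASCII (and the backslash itself) becomes \xNN, so ANSI
 * control sequences in a server-supplied name cannot rewrite the display.
 * Uses a static buffer, so the result is valid until the next call.
 */
const char *display_name(const char *name)
{
    static char buf[256];
    size_t o = 0;

    for (const unsigned char *p = (const unsigned char *)name; *p != '\0'; p++) {
        int printable = (*p >= 0x20 && *p < 0x7f && *p != '\\');
        size_t need = printable ? 1 : 4;

        if (o + need >= sizeof buf)
            return "<name too long to display>";
        if (printable)
            buf[o++] = (char)*p;
        else
            o += (size_t)snprintf(buf + o, sizeof buf - o, "\\x%02x", (unsigned)*p);
    }
    buf[o] = '\0';
    return buf;
}

int main(void)
{
    /* Constructed sample: user ran a copy of "report.txt"; names are what a server might announce. */
    static const char *const names[] = {
        "report.txt", "authorized_keys", ".", "", "../x", "report.txt\x1b[2K"
    };
    static const char *const verdicts[] = {
        "ok", "empty", "dot", "has-slash", "not-requested"
    };

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-24s -> %s\n", display_name(names[i]),
               verdicts[check_received_name(names[i], "report.txt")]);
    return 0;
}
```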


Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

11) Denial of service

EUVDB-ID: #VU1083

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-8610

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated user to exhaust memory on the target system.

The weakness is due to improper handling of certain packets by the ssl3_read_bytes() function in ssl/s3_pkt.c.

By sending a flood of SSL3_AL_WARNING alerts during the SSL handshake, a remote attacker can consume excessive CPU resources that may lead to the OpenSSL library being unavailable.

Successful exploitation of the vulnerability results in denial of service on the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Information disclosure

EUVDB-ID: #VU15668

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-0734

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to an unspecified flaw in the Digital Signature Algorithm (DSA). A local attacker can conduct a timing side-channel attack and recover the private key, which could be used to conduct further attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Side-channel attack

EUVDB-ID: #VU15723

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-5407

CWE-ID: CWE-208 - Information Exposure Through Timing Discrepancy

Exploit availability: Yes

Description

The vulnerability allows a physical attacker to obtain potentially sensitive information.

The vulnerability exists due to execution engine sharing on SMT (e.g. Hyper-Threading) architectures and improper handling of information by the processor. A physical attacker can construct a timing side channel to hijack information from processes that are running in the same core.

Note: the vulnerability has been dubbed the PortSmash microarchitecture bug.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

14) Command injection

EUVDB-ID: #VU16313

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-19788

CWE-ID: CWE-77 - Command injection

Exploit availability: Yes

Description

The vulnerability allows a local authenticated attacker to execute arbitrary commands on the target system.

The vulnerability exists due to PolicyKit's improper validation of permission requests for any low-privileged user with a UID greater than INT_MAX, a constant in computer programming that defines the maximum value an integer variable can store, which equals 2147483647 (in hexadecimal 0x7FFFFFFF). A local authenticated attacker with a UID greater than INT_MAX can execute any systemctl command.
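
An audit for the precondition named above, as an added example that is not PolicyKit's code: it scans passwd(5)-format text for accounts whose UID exceeds INT_MAX and shows the value such a UID takes when held in a signed 32-bit integer. The function names and the sample account lines are constructed for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in passwd(5) format; not taken from any real system. */
static const char SAMPLE_PASSWD[] =
    "root:x:0:0:root:/root:/bin/sh\n"
    "svc_backup:x:1001:1001::/home/svc_backup:/bin/sh\n"
    "bigid:x:4000000000:100::/home/bigid:/bin/sh\n"
    "edge:x:2147483647:100::/home/edge:/bin/sh\n"
    "over:x:2147483648:100::/home/over:/bin/sh\n";

/*
 * Extract the UID (third colon-separated field) from one passwd line.
 * Returns 0 on success, -1 if the line is malformed or the value does not
 * fit in an unsigned 32-bit uid.
 */
int parse_passwd_uid(const char *line, uint32_t *uid_out)
{
    const char *p = line;
    char *end;
    unsigned long long v;

    for (int field = 0; field < 2; field++) {
        p = strchr(p, ':');
        if (p == NULL)
            return -1;
        p++;
    }
    if (*p < '0' || *p > '9')          /* rejects signs and whitespace */
        return -1;
    errno = 0;
    v = strtoull(p, &end, 10);
    if (errno != 0 || *end != ':' || v > UINT32_MAX)
        return -1;
    *uid_out = (uint32_t)v;
    return 0;
}

/*
 * The value a consumer sees if it stores the UID in a signed 32-bit integer
 * (two's-complement wrap, computed without implementation-defined casts).
 */
int32_t uid_as_signed(uint32_t uid)
{
    if (uid > (uint32_t)INT32_MAX)
        return (int32_t)((int64_t)uid - 4294967296LL);
    return (int32_t)uid;
}

/*
 * Scan passwd-format text and count accounts with UID > INT_MAX.
 * If `report` is non-NULL, one line per flagged account is written to it.
 */
size_t audit_passwd_text(const char *text, FILE *report)
{
    size_t flagged = 0;

    while (*text != '\0') {
        size_t len = strcspn(text, "\n");
        char line[512];
        uint32_t uid;

        if (len < sizeof line) {       /* over-long lines are skipped */
            memcpy(line, text, len);
            line[len] = '\0';
            if (parse_passwd_uid(line, &uid) == 0 && uid > (uint32_t)INT_MAX) {
                flagged++;
                if (report != NULL)
                    fprintf(report, "%.*s: uid %u reads as %d when signed\n",
                            (int)strcspn(line, ":"), line,
                            (unsigned)uid, (int)uid_as_signed(uid));
            }
        }
        text += len;
        if (*text == '\n')
            text++;
    }
    return flagged;
}

int main(void)
{
    size_t n = audit_passwd_text(SAMPLE_PASSWD, stdout);
    printf("%zu account(s) with UID above INT_MAX\n", n);
    return n == 0 ? 0 : 1;
}
```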

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

15) Buffer overflow

EUVDB-ID: #VU12976

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-1123

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists because ps mmap()s its output buffer and mprotect()s its last page with PROT_NONE (an effective guard page). A remote attacker can trick the victim into opening a specially crafted input, overflow the output buffer of ps and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

16) Integer overflow

EUVDB-ID: #VU16493

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18498

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an integer overflow during buffer size calculations for images. A remote attacker can use a raw value instead of the checked value, trigger an out-of-bounds read and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Integer overflow

EUVDB-ID: #VU12977

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-1124

CWE-ID: CWE-190 - Integer overflow

Exploit availability: Yes

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to an integer overflow in libprocps's file2strvec() function. A local attacker can execute a vulnerable utility (pgrep, pidof, pkill, and w are vulnerable by default; other utilities are vulnerable if executed with non-default options) and gain elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

18) Stack-based buffer overflow

EUVDB-ID: #VU12993

Risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-1125

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a stack-based buffer overflow. A remote attacker can send a specially crafted request, trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

19) Buffer overflow

EUVDB-ID: #VU12992

Risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-1126

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper bounds checking. A remote attacker can send a specially crafted request, trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

20) XXE attack

EUVDB-ID: #VU15760

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14647

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct an XXE attack.

The vulnerability exists due to improper handling of XML External Entities (XXEs) when parsing an XML file. A remote attacker can trick the victim into opening an XML file that submits malicious input, trigger pathological hash collisions in Expat's internal data structures, consume large amounts of CPU and RAM, and cause a denial of service (DoS) condition.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU17805

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-5010

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the X509 certificate parser of the affected software improperly handles X509 certificates with a certificate extension that uses a Certificate Revocation List (CRL) distribution point with empty distributionPoint and cRLIssuer fields. A remote attacker can send a request to initiate a Transport Layer Security (TLS) connection using an X509 certificate that submits malicious input and trigger a NULL pointer dereference that causes the application to crash, resulting in a DoS condition.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

22) Link following

EUVDB-ID: #VU31245

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7500

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Link following

EUVDB-ID: #VU31396

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7501

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Format string error

EUVDB-ID: #VU40973

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2013-2131

CWE-ID: CWE-134 - Use of Externally-Controlled Format String

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

25) SQL injection

EUVDB-ID: #VU17162

Risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-20346

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data in the SQLite component. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) SQL injection

EUVDB-ID: #VU17164

Risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-20506

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data in the SQLite component. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Privilege escalation

EUVDB-ID: #VU15675

Risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-15686

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to an error in unit_deserialize of systemd. A remote attacker can supply arbitrary state across systemd re-execution via NotifyAccess and gain root privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Memory corruption

EUVDB-ID: #VU16940

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-16864

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges to conduct further attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

29) Memory corruption

EUVDB-ID: #VU16941

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-16865

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error when handling malicious input. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges to conduct further attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

30) Input validation error

EUVDB-ID: #VU17752

Risk: Low

CVSSv3.1: 5.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-6454

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to incorrect handling of certain D-Bus messages. A local attacker can supply specially crafted D-Bus messages to crash the init process, resulting in a system denial-of-service (kernel panic).

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU17258

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18500

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing an HTML5 stream in concert with custom HTML elements. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Same-origin policy bypass

EUVDB-ID: #VU16489

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18494

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass same-origin policy on the target system.

The weakness exists due to an error when using the JavaScript location property. A remote attacker can trick the victim into visiting a specially crafted website and steal cross-origin URL entries, which are exposed through performance.getEntries() when the location property is used to cause a redirection to another site.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Reachable Assertion

EUVDB-ID: #VU17350

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-20217

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in the KDC. A remote attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4) and crash the KDC by making an S4U2Self request.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Security restrictions bypass

EUVDB-ID: #VU17178

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17199

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists because mod_session checks the session expiry time before decoding the session. Since the expiry time is loaded when the session is decoded, a remote attacker can cause the session expiry time to be ignored for mod_session_cookie sessions and reuse old session credentials or session IDs, which the attacker could use to access web pages previously accessed by a targeted user.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Race condition

EUVDB-ID: #VU18111

Risk: Low

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-0217

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to impersonate other users.

The vulnerability exists due to a race condition within the mod_auth_digest module. A remote authenticated attacker can send a series of requests and impersonate other users under a threaded MPM.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Input validation error

EUVDB-ID: #VU18113

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-0220

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists because the web server does not merge consecutive slashes in URLs, which can lead to incorrect processing of requests when accessing CGI programs. Such web server behavior may lead to a security restrictions bypass.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Infinite loop

EUVDB-ID: #VU13986

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1336

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to improper handling of overflow in the UTF-8 decoder with supplementary characters. A remote attacker can trigger an infinite loop in the decoder and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Information disclosure

EUVDB-ID: #VU12798

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-8014

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists because the default settings for the CORS filter are insecure and enable supportsCredentials for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. A remote attacker can access important data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Security restrictions bypass

EUVDB-ID: #VU13992

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-8034

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists because host name verification was missing when using TLS with the WebSocket client. A remote unauthenticated attacker can bypass security restrictions when using TLS.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Open redirect

EUVDB-ID: #VU15156

Risk: Low

CVSSv3.1: 2.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-11784

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to redirect victims to arbitrary URI.

The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary URI.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

41) Input validation error

EUVDB-ID: #VU21785

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9924

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists because "rbash" does not prevent the shell user from modifying BASH_CMDS. A local authenticated user can execute any command with the permissions of the shell.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Heap out-of-bounds read

EUVDB-ID: #VU17457

Risk: Low

CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-16890

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or cause the service to crash.

The vulnerability exists due to an integer overflow in the function that handles incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`), which does not validate incoming data correctly. A remote attacker operating a malicious or broken NTLM server can trick the victim into accepting a bad length + offset combination, trigger a heap out-of-bounds read and read contents of memory on the system or cause the service to crash.
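The length + offset validation described above, as an added example (not curl's code): a 32-bit sum that wraps beside a check that cannot wrap. The function names, the 64-byte constructed message, and the field positions (target-info length at byte 40, offset at byte 44, 48-byte fixed part, taken from the NTLM challenge message layout) are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TI_FIELDS_OFF 40u  /* assumed: Len(2) MaxLen(2) Offset(4), little-endian */
#define TYPE2_MIN     48u  /* assumed: fixed part that precedes the payload */

static uint16_t rd16le(const unsigned char *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

static uint32_t rd32le(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Weak check: the sum is computed modulo 2^32, so a huge offset plus a
 * small length yields a small "end" that passes the comparison. */
int span_ok_wrapping(uint32_t off, uint16_t len, size_t size)
{
    uint32_t end = off + len;
    return off >= TYPE2_MIN && end <= size;
}

/* Hardened check: offset is bounded first, then the length is compared
 * with the space that remains. No addition, so nothing can wrap. */
int span_ok(uint32_t off, uint16_t len, size_t size)
{
    return off >= TYPE2_MIN && off <= size && (size_t)len <= size - off;
}

/* Returns 0 and the validated span, or -1 if the message must be rejected. */
int type2_target_info(const unsigned char *msg, size_t size,
                      size_t *off_out, size_t *len_out)
{
    uint16_t len;
    uint32_t off;

    if (msg == NULL || size < TYPE2_MIN)
        return -1;
    len = rd16le(msg + TI_FIELDS_OFF);
    off = rd32le(msg + TI_FIELDS_OFF + 4);
    if (len == 0) {                 /* no target info present: empty span */
        off = 0;
    } else if (!span_ok(off, len, size)) {
        return -1;
    }
    if (off_out) *off_out = off;
    if (len_out) *len_out = len;
    return 0;
}

/* Constructed 64-byte message; only the fields this check reads are set. */
int demo_parse(uint16_t len, uint32_t off)
{
    unsigned char msg[64];

    memset(msg, 0, sizeof msg);
    memcpy(msg, "NTLMSSP", 8);      /* signature including its NUL */
    msg[8] = 2;                     /* message type 2 */
    msg[40] = (unsigned char)(len & 0xff);
    msg[41] = (unsigned char)(len >> 8);
    msg[44] = (unsigned char)(off & 0xff);
    msg[45] = (unsigned char)((off >> 8) & 0xff);
    msg[46] = (unsigned char)((off >> 16) & 0xff);
    msg[47] = (unsigned char)((off >> 24) & 0xff);
    return type2_target_info(msg, sizeof msg, NULL, NULL);
}

int main(void)
{
    printf("wrapping check, off=0xFFFFFFF0 len=0x20: %d\n",
           span_ok_wrapping(0xFFFFFFF0u, 0x20, 64));
    printf("hardened check, same input:             %d\n",
           span_ok(0xFFFFFFF0u, 0x20, 64));
    printf("parser, valid span (off=48 len=16):     %d\n", demo_parse(16, 48));
    printf("parser, wrapping span:                  %d\n",
           demo_parse(0x20, 0xFFFFFFF0u));
    return 0;
}
```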

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

43) Stack-based buffer overflow

EUVDB-ID: #VU17456

Risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-3822

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The vulnerability exists because the NT LAN Manager (NTLM) Curl_auth_create_ntlm_type3_message function, which creates an outgoing NTLM type-3 header, generates the request HTTP header contents based on previously received data. A remote unauthenticated attacker can send very large ‘nt response’ output data, extracted from a previous NTLMv2 header that was provided by a malicious or broken HTTP server, trigger a stack-based buffer overflow and cause the service to crash or execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

44) Heap out-of-bounds read

EUVDB-ID: #VU17458

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-3823

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or cause the service to crash.

The vulnerability exists due to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. A remote attacker can trigger a heap out-of-bounds read error and read contents of memory on the system or cause the service to crash.
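The `strtol()` over-read described above, as an added example (not curl's code): an unbounded parse beside a length-bounded one, run on a constructed array whose first 5 bytes model the receive buffer and whose remaining bytes model neighbouring memory. All function names and the sample data are assumptions of this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Pattern from the description: strtol() takes no length, so it keeps
 * consuming digits until it meets a non-digit byte, wherever that is. */
long reply_code_unbounded(const char *line, size_t len)
{
    (void)len;                      /* the length is never consulted */
    return strtol(line, NULL, 10);
}

/* Bounded parse: reads only line[0..len-1] and does not need a NUL.
 * Accepts exactly three digits followed by end of data, SP, '-', CR or LF.
 * Returns the reply code, or -1 if the data is not a reply line. */
int reply_code_bounded(const char *line, size_t len)
{
    int code = 0;
    size_t i;

    if (line == NULL || len < 3)
        return -1;
    for (i = 0; i < 3; i++) {
        if (line[i] < '0' || line[i] > '9')
            return -1;
        code = code * 10 + (line[i] - '0');
    }
    if (len > 3) {
        char sep = line[3];
        if (sep != ' ' && sep != '-' && sep != '\r' && sep != '\n')
            return -1;              /* digits run on: not a reply code */
    }
    return code;
}

/* Constructed data: "25012" is the 5-byte buffer (no terminator of its own),
 * "99" stands in for adjacent memory. Keeping both in one array makes the
 * over-read observable without undefined behaviour. */
static const char demo_memory[] = "2501299";
#define DEMO_LEN 5

long demo_unbounded(void)
{
    return reply_code_unbounded(demo_memory, DEMO_LEN);
}

int demo_bounded(void)
{
    return reply_code_bounded(demo_memory, DEMO_LEN);
}

int main(void)
{
    /* The unbounded result contains digits from beyond the 5-byte buffer. */
    printf("unbounded: %ld\n", demo_unbounded());
    printf("bounded:   %d\n", demo_bounded());
    printf("\"250 OK\":  %d\n", reply_code_bounded("250 OK\r\n", 8));
    return 0;
}
```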

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

45) Out-of-bounds write

EUVDB-ID: #VU6315

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-5436

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error in the Graphite 2 library when processing Graphite fonts. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Integer overflow

EUVDB-ID: #VU18024

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3855

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in the _libssh2_transport_read() function in transport.c when processing packet_length values. A remote attacker can trick the victim into connecting to a malicious SSH server, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Buffer overflow

EUVDB-ID: #VU16448

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18493

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in the Skia library: buffer offset calculations for hardware-accelerated canvas 2D actions use 32-bit calculations instead of 64-bit. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Integer overflow

EUVDB-ID: #VU18023

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3856

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow when parsing keyboard prompt requests. A remote attacker can trick the victim into connecting to a malicious SSH server, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Integer overflow

EUVDB-ID: #VU18025

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3857

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow when parsing SSH_MSG_CHANNEL_REQUEST packets. A remote attacker can trick the victim into connecting to a malicious SSH server, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Out-of-bounds read

EUVDB-ID: #VU18028

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3858

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing SFTP packets. A remote attacker can trick the victim into connecting to a malicious SSH server, trigger an out-of-bounds read and read contents of memory or crash the affected application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Out-of-bounds read

EUVDB-ID: #VU18027

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3859

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing packets in the _libssh2_packet_require() and _libssh2_packet_requirev() functions. A remote attacker can trick the victim into connecting to a malicious SSH server, trigger an out-of-bounds read and read contents of memory or crash the affected application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Out-of-bounds read

EUVDB-ID: #VU18026

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3860

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing SFTP packets. A remote attacker can trick the victim into connecting to a malicious SSH server, trigger an out-of-bounds read and read contents of memory or crash the affected application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Out-of-bounds read

EUVDB-ID: #VU18252

Risk: Low

CVSSv3.1: 3.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3861

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when SSH packets with a padding length value greater than the packet length are parsed. A remote attacker can trick the victim into connecting to a malicious SSH server, trigger an out-of-bounds read and gain access to sensitive information or perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Out-of-bounds read

EUVDB-ID: #VU18253

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3862

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker can trick the victim into connecting to a malicious SSH server, trigger an out-of-bounds read and gain access to sensitive information or perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Out-of-bounds write

EUVDB-ID: #VU18254

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3863

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing multiple keyboard interactive response messages whose total length exceeds the value of unsigned char max characters. A remote attacker can trick the victim into connecting to a malicious SSH server, trigger an out-of-bounds write and execute arbitrary code on the system with the privileges of the user running the affected application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Memory-cache side-channel attack

EUVDB-ID: #VU13370

Risk: Low

CVSSv3.1: 3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-0495

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to a leakage of information through memory caches when the affected library uses a private key to create Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. A local attacker can conduct a memory-cache side-channel attack on ECDSA signatures and recover sensitive information, such as ECDSA private keys, which could be used to conduct further attacks.

Note: The vulnerability is known as the "Return Of the Hidden Number Problem" or ROHNP.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

57) Man-in-the-middle attack

EUVDB-ID: #VU15735

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12384

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct a man-in-the-middle attack on the target system.

The weakness exists because ServerHello.random is all zero when handling a v2-compatible ClientHello. A remote attacker can use man-in-the-middle techniques to conduct a passive replay attack and obtain potentially sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Cache Attacks

EUVDB-ID: #VU16219

Risk: Medium

CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-12404

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a downgrade attack on the server and decrypt private keys on the target system.

The vulnerability exists due to a core weakness in TLS that relates to the handshaking of the session key which is used within the tunnel during parallelisation of thousands of oracle queries that occurs using a cluster of TLS servers which share the same public key certificate. A remote attacker can mount a microarchitectural side-channel attack against a vulnerable implementation, obtain a network man-in-the-middle position, obtain the relevant data to sign and trigger the victim server to decrypt ciphertexts chosen by the adversary to perform a downgrade attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

59) Memory corruption

EUVDB-ID: #VU16495

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-12405

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error when handling malicious input. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Memory corruption

EUVDB-ID: #VU15473

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17466

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error in Angle. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Use-after-free error

EUVDB-ID: #VU16447

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18492

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error after deleting a selection element, caused by a weak reference to the select element in the options collection. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC UnityVSA Operating Environment (OE): before 5.0.0.0.5.116

Dell EMC Unity Operating Environment (OE): before 5.0.0.0.5.116

External links

http://www.dell.com/support/kbdoc/en-us/000001841/dsa-2019-087-dell-emc-unity-family-security-update-for-multiple-third-party-components


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


