The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of VNX Operating Environment

vulnerability alert CVE-2013-3270

EMC VNX/Celerra Control Station: privilege escalation via nasadmin

Synthesis of the vulnerability

An attacker who is a member of the nasadmin group can alter scripts of EMC VNX/Celerra Control Station in order to escalate their privileges.
Impacted products: Celerra NS, VNX Operating Environment, VNX Series.
Severity: 1/4.
Consequences: administrator access/rights.
Provenance: user shell.
Creation date: 16/05/2013.
Identifiers: CERTA-2013-AVI-320, CVE-2013-3270, ESA-2013-041, VIGILANCE-VUL-12841.

Description of the vulnerability

The EMC VNX Control Station and EMC Celerra Control Station products install scripts on the system. These scripts are run with root privileges.

However, these scripts are owned by the nasadmin group and are writable.

An attacker who is a member of the nasadmin group can therefore alter scripts of EMC VNX/Celerra Control Station in order to escalate their privileges.

computer vulnerability CVE-2012-2282

EMC Celerra, VNX, VNXe: access to files via NFS

Synthesis of the vulnerability

An attacker can use an NFS client to bypass access privileges and access files hosted on EMC Celerra, VNX and VNXe.
Impacted products: Celerra NS, VNX Operating Environment, VNX Series.
Severity: 3/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: intranet client.
Creation date: 12/07/2012.
Identifiers: BID-54414, CERTA-2012-AVI-389, CVE-2012-2282, ESA-2012-027, VIGILANCE-VUL-11765.

Description of the vulnerability

The EMC Celerra, VNX and VNXe products contain an NFS server, so that Unix clients can access data.

However, NFS access privileges on files and directories are not correctly honored.

An attacker can therefore use an NFS client to bypass access privileges and access hosted files.