EMC Documentum Bugs Let Remote Authenticated Users Obtain Passwords, Gain Elevated Privileges, and Execute Arbitrary Code : 8/17/2015 11:57:49 PM
Communicate with co-workers in real time. Used by Netflix, Dropbox & Salesforce. $0/unlimited users. Get started >> From our sponsors |
| Vulnerability Databse |
| This module replaces the description field of a feed to the page it links to (in addition, it wipes out the content:encoded field), so you can get its full text. |
EMC Documentum Bugs Let Remote Authenticated Users Obtain Passwords, Gain Elevated Privileges, and Execute Arbitrary Code
8/17/2015 12:00:00 AM
| EMC Documentum Bugs Let Remote Authenticated Users Obtain Passwords, Gain Elevated Privileges, and Execute Arbitrary Code |
| SecurityTracker Alert ID: 1033296 |
| SecurityTracker URL: http://securitytracker.com/id/1033296 |
| CVE Reference: CVE-2015-4533, CVE-2015-4534, CVE-2015-4535, CVE-2015-4536 (Links to External Site) |
| Date: Aug 17 2015 |
| Impact: Disclosure of authentication information, Execution of arbitrary code via network, User access via network |
| Fix Available: Yes Vendor Confirmed: Yes |
| Version(s): prior to 7.0; 7.0, 7.1, 7.2 |
| Description: Multiple vulnerabilities were reported in EMC Documentum. A remote authenticated user can gain elevated privileges. A remote authenticated user can obtain passwords on the target system. A remote authenticated user can execute arbitrary code on the target system. The Java Method Server does not properly validate digital signatures [CVE-2015-4533]. A remote user that can create a digital signature for a query string without the method_verb parameter may be able to execute arbitrary code in Content Server with the privileges of the Java Method Server. When the Java Method Server __debug_trace__ parameter is enabled, the system writes login tickets to the Content Server log file. A remote authenticated user can obtain superuser tickets and privileges [CVE-2015-4534]. On systems with RPC tracing enabled, the system writes Content Server user inline passwords to the log file. A remote authenticated user with access to the Content Server log files can obtain the passwords [CVE-2015-4536]. |
| Impact: A remote authenticated user can gain elevated privileges on the target system. A remote authenticated user can execute arbitrary code on the target system. A remote authenticated user can obtain passwords on the target system. |
| Solution: The vendor has issued a fix (Advisory ESA-2015-131; Documentum Content Server 6.7SP1P32, 6.7SP2P25, 7.0P20, 7.1P16, 7.2P02). |
| Vendor URL: www.emc.com/ (Links to External Site) |
| Cause: Access control error, Authentication error |
| Underlying OS: Windows (2000), Windows (2003) |
| |
| Message History: None. |
You are receiving this email because you subscribed to this feed at feedmyinbox.com
If you no longer wish to receive these emails, you can unsubscribe from this feed, or manage all your subscriptions
Diberdayakan oleh Blogger.