EMC, VMware security bugs throw gasoline on cloud security fire

Enlarge (credit: Vladimir Godnik/Getty Images)

While everyone was screaming about Meltdown and Spectre, another urgent security fix was already in progress for many corporate data centers and cloud providers who use products from Dell’s EMC and VMware units. A trio of critical newly-reported vulnerabilities in EMC and VMware backup and recovery tools—EMC Avamar, EMC NetWorker, EMC Integrated Data Protection Appliance, and vSphere Data Protection—could allow an attacker to gain root access to the systems, access to specific files, or inject malicious files into the server’s file system. These problems can only be fixed with upgrades.

The first of the vulnerabilities, designated in MITRE’s Common Vulnerabilities and Exposures (CVE) list as CVE-2017-15548, allows an attacker to gain root access to the servers. This would potentially give someone direct access to backups on the server, allowing them to retrieve images of virtual machines, backed-up databases, and other data stored within the affected systems.

The second vulnerability, CVE-2017-15549, makes it possible for an attacker to potentially upload malicious files into “any location on the server file system” without authentication. And the third, CVE-2017-15550, is a privilege escalation bug that could allow someone with low-level authenticated access to access files within the server. The attacker could do this by using a Web request crafted to take advantage of “path traversal”—moving up and down within the directory structure of the file system used by the application.

Read 3 remaining paragraphs | Comments

Post Author: martin

Martin is an enthusiastic programmer, a webdeveloper and a young entrepreneur. He is intereted into computers for a long time. In the age of 10 he has programmed his first website and since then he has been working on web technologies until now. He is the Founder and Editor-in-Chief of BriefNews.eu and PCHealthBoost.info Online Magazines. His colleagues appreciate him as a passionate workhorse, a fan of new technologies, an eternal optimist and a dreamer, but especially the soul of the team for whom he can do anything in the world.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.