Full Disclosure mailing list archives
Command injection vulnerability in EMC Secure Remote Services Virtual Edition
From: "Securify B.V." <lists () securify nl>
Date: Wed, 18 Mar 2015 22:22:34 +0100
------------------------------------------------------------------------ Command injection vulnerability in EMC Secure Remote Services Virtual Edition ------------------------------------------------------------------------ Han Sahin, November 2014 ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A command injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to execute arbitrary system commands and take full control over ESRS VE. ------------------------------------------------------------------------ Affected versions ------------------------------------------------------------------------ EMC reports that the following versions are affected by this vulnerability: - EMC Secure Remote Services Virtual Edition 3.02 - EMC Secure Remote Services Virtual Edition 3.03 ------------------------------------------------------------------------ See also ------------------------------------------------------------------------ - CVE-2015-0525 - ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities ------------------------------------------------------------------------ Fix ------------------------------------------------------------------------ EMC released EMC Secure Remote Services Virtual Edition 3.04 that resolves this vulnerability. Registered EMC Online Support customers can download patches and software from support.emc.com at: EMC Secure Remote Services -> EMC Secure Remote Services Virtual Edition -> Downloads ------------------------------------------------------------------------ Details ------------------------------------------------------------------------ https://www.securify.nl/advisory/SFY20141112/command_injection_vulnerability_in_emc_secure_remote_services_virtual_edition.html _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Command injection vulnerability in EMC Secure Remote Services Virtual Edition Securify B.V. (Mar 18)