Vulnerability-Lookup

CNVD-2018-01329

Vulnerability from cnvd - Published: 2018-01-19

Title

EMC Data Domain DD OS内存溢出漏洞

Description

EMC Data Domain DD OS和EMC Data Domain Virtual Edition都是美国易安信（EMC）公司的产品。EMC Data Domain DD OS是一套重复数据消除操作系统。EMC Data Domain Virtual Edition是一款重复数据消除存储设备。 EMC Data Domain DD OS和EMC Data Domain Virtual Edition存在内存溢出漏洞。远程攻击者可利用该漏洞关闭SMB服务和活动目录认证或可能注入并执行代码。

Severity

中

Patch Name

EMC Data Domain DD OS内存溢出漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： http://www.emc.com

Reference

http://seclists.org/fulldisclosure/2017/Dec/79

Impacted products

Name
['EMC Data Domain OS 5.7', 'EMC Data Domain OS 5.7.2.0', 'EMC Data Domain OS 5.7.1.0', 'EMC Data Domain OS 6.0.1.0', 'EMC Data Domain OS 6.0', 'EMC Data Domain OS 5.7.3.0', 'EMC Data Domain OS 5.7.2.10', 'EMC Data Domain Virtual Edition 2.0', 'EMC Data Domain Virtual Edition 3.0', 'EMC Data Domain Virtual Edition 3.1', 'EMC Data Domain DD OS 6.1', 'EMC Data Domain DD OS 5.7.5.5']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102289"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-14385"
    }
  },
  "description": "EMC Data Domain DD OS\u548cEMC Data Domain Virtual Edition\u90fd\u662f\u7f8e\u56fd\u6613\u5b89\u4fe1\uff08EMC\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002EMC Data Domain DD OS\u662f\u4e00\u5957\u91cd\u590d\u6570\u636e\u6d88\u9664\u64cd\u4f5c\u7cfb\u7edf\u3002EMC Data Domain Virtual Edition\u662f\u4e00\u6b3e\u91cd\u590d\u6570\u636e\u6d88\u9664\u5b58\u50a8\u8bbe\u5907\u3002\r\n\r\nEMC Data Domain DD OS\u548cEMC Data Domain Virtual Edition\u5b58\u5728\u5185\u5b58\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5173\u95edSMB\u670d\u52a1\u548c\u6d3b\u52a8\u76ee\u5f55\u8ba4\u8bc1\u6216\u53ef\u80fd\u6ce8\u5165\u5e76\u6267\u884c\u4ee3\u7801\u3002",
  "discovererName": "EMC",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://www.emc.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-01329",
  "openTime": "2018-01-19",
  "patchDescription": "EMC Data Domain DD OS\u548cEMC Data Domain Virtual Edition\u90fd\u662f\u7f8e\u56fd\u6613\u5b89\u4fe1\uff08EMC\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002EMC Data Domain DD OS\u662f\u4e00\u5957\u91cd\u590d\u6570\u636e\u6d88\u9664\u64cd\u4f5c\u7cfb\u7edf\u3002EMC Data Domain Virtual Edition\u662f\u4e00\u6b3e\u91cd\u590d\u6570\u636e\u6d88\u9664\u5b58\u50a8\u8bbe\u5907\u3002\r\n\r\nEMC Data Domain DD OS\u548cEMC Data Domain Virtual Edition\u5b58\u5728\u5185\u5b58\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5173\u95edSMB\u670d\u52a1\u548c\u6d3b\u52a8\u76ee\u5f55\u8ba4\u8bc1\u6216\u53ef\u80fd\u6ce8\u5165\u5e76\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "EMC Data Domain DD OS\u5185\u5b58\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "EMC Data Domain OS 5.7",
      "EMC Data Domain OS 5.7.2.0",
      "EMC Data Domain OS 5.7.1.0",
      "EMC Data Domain OS 6.0.1.0",
      "EMC Data Domain OS 6.0",
      "EMC Data Domain OS 5.7.3.0",
      "EMC Data Domain OS 5.7.2.10",
      "EMC Data Domain Virtual Edition 2.0",
      "EMC Data Domain Virtual Edition 3.0",
      "EMC Data Domain Virtual Edition 3.1",
      "EMC Data Domain DD OS 6.1",
      "EMC Data Domain DD OS 5.7.5.5"
    ]
  },
  "referenceLink": "http://seclists.org/fulldisclosure/2017/Dec/79",
  "serverity": "\u4e2d",
  "submitTime": "2017-12-20",
  "title": "EMC Data Domain DD OS\u5185\u5b58\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2017-14385 (GCVE-0-2017-14385)

Vulnerability from cvelistv5 – Published: 2017-12-20 23:00 – Updated: 2024-08-05 19:27

Summary

An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2. EMC Data Domain DD OS contains a memory overflow vulnerability in SMBv1 which may potentially be exploited by an unauthenticated remote attacker. An attacker may completely shut down both the SMB service and active directory authentication. This may also allow remote code injection and execution.

Severity

No CVSS data available.

CWE

Memory Overflow Vulnerability

Assigner

dell

References

3 references

URL	Tags
http://seclists.org/fulldisclosure/2017/Dec/79	x_refsource_CONFIRM
http://www.securitytracker.com/id/1040027	vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/102289	vdb-entryx_refsource_BID

Impacted products

1 product

Vendor	Product	Version
n/a	EMC Data Domain DD OS EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6, EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9, EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21, EMC Data Domain Virtual Edition 2.0 family, all versions, EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1, EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2	Affected: EMC Data Domain DD OS EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6, EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9, EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21, EMC Data Domain Virtual Edition 2.0 family, all versions, EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1, EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2

Date Public

2017-12-20 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:27:40.141Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2017/Dec/79"
          },
          {
            "name": "1040027",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040027"
          },
          {
            "name": "102289",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102289"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EMC Data Domain DD OS EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6, EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9, EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21, EMC Data Domain Virtual Edition 2.0 family, all versions, EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1, EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "EMC Data Domain DD OS EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6, EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9, EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21, EMC Data Domain Virtual Edition 2.0 family, all versions, EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1, EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2"
            }
          ]
        }
      ],
      "datePublic": "2017-12-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2. EMC Data Domain DD OS contains a memory overflow vulnerability in SMBv1 which may potentially be exploited by an unauthenticated remote attacker. An attacker may completely shut down both the SMB service and active directory authentication. This may also allow remote code injection and execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory Overflow Vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-28T10:57:01.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://seclists.org/fulldisclosure/2017/Dec/79"
        },
        {
          "name": "1040027",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040027"
        },
        {
          "name": "102289",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102289"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2017-14385",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EMC Data Domain DD OS EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6, EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9, EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21, EMC Data Domain Virtual Edition 2.0 family, all versions, EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1, EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "EMC Data Domain DD OS EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6, EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9, EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21, EMC Data Domain Virtual Edition 2.0 family, all versions, EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1, EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2. EMC Data Domain DD OS contains a memory overflow vulnerability in SMBv1 which may potentially be exploited by an unauthenticated remote attacker. An attacker may completely shut down both the SMB service and active directory authentication. This may also allow remote code injection and execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Memory Overflow Vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://seclists.org/fulldisclosure/2017/Dec/79",
              "refsource": "CONFIRM",
              "url": "http://seclists.org/fulldisclosure/2017/Dec/79"
            },
            {
              "name": "1040027",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040027"
            },
            {
              "name": "102289",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102289"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2017-14385",
    "datePublished": "2017-12-20T23:00:00.000Z",
    "dateReserved": "2017-09-12T00:00:00.000Z",
    "dateUpdated": "2024-08-05T19:27:40.141Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-01329

CVE-2017-14385 (GCVE-0-2017-14385)

Tags

Sightings

Nomenclature