Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:26664
HistoryJul 18, 2011 - 12:00 a.m.

ESA-2011-022: EMC Documentum eRoom Indexing Server HummingBird Client Connector Buffer Overflow Vulnerability

2011-07-1800:00:00
vulners.com
24

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2011-022: EMC Documentum eRoom Indexing Server HummingBird Client Connector
Buffer Overflow Vulnerability

EMC Identifier: ESA-2011-022

CVE Identifier: CVE-2011-1741

Severity Rating: CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Affected products:
EMC Documentum eRoom versions 7.x

Vulnerability Summary:
EMC Documentum eRoom’s Indexing Server contains a buffer overflow vulnerability
which can be exploited to cause a denial of service, or possibly, arbitrary code
execution.

Vulnerability Details:
The HummingBird Client Connector (ftserver.exe) used by affected versions of EMC
Documentum eRoom’s Indexing Server contains a buffer overflow vulnerability. The
vulnerability may allow a remote unauthenticated user to send a specially-crafted
message over TCP to cause a denial of service, or possibly, execute arbitrary
code.

Problem Resolution:
The following EMC Documentum eRoom products contain resolutions to this issue.
The HummingBird Client Connector has been replaced by a new interface which is
not susceptible to this vulnerability.
β€’ EMC Documentum eRoom 7.4.3.f.

EMC strongly recommends all customers upgrade at the earliest opportunity.

Link to remedies:
Registered EMC Powerlink customers can download software from Powerlink.
For EMC Documentum eRoom Software, navigate in Powerlink to Home > Support >
Software Downloads and Licensing > Downloads D > Documentum eRoom

EMC has created an eRoom Sizing Tool with related documentation that helps
customers with the eRoom deployment sizing process. EMC strongly recommends that
eRoom Administrators read and understand the provided documentation, run the
eRoom Sizing Tool and review its results, perform the eRoom 7.4.3 upgrade to a
test or staging environment, and complete thorough performance testing in the
test or staging environment prior to a production upgrade. Failure to complete
these steps may lead to an unplanned eRoom 7.4.3 outage. Refer to EMC ETA
esg112401 for the details.

Because the view is restricted based on customer agreements, you may not have
permission to view certain downloads. Should you not see a software download you
believe you should have access to, follow the instructions in EMC Knowledgebase
solution emc116045.

Credits:
EMC would like to thank Stephen Fewer of Harmony Security
(www.harmonysecurity.com) working with TippingPoint's Zero Day Initiative
(http://www.zerodayinitiative.com) for reporting this issue.

For explanation of Severity Ratings, refer to EMC Knowledgebase solution
emc218831. EMC recommends that all customers take into account both the base
score and any relevant temporal and environmental scores, which may impact the
potential severity associated with particular security vulnerability.

EMC Corporation distributes EMC Security Advisories in order to bring to the
attention of users of the affected EMC products important security information.
EMC recommends all users determine the applicability of this information to their
individual situations and take appropriate action. The information set forth
herein is provided "as is" without warranty of any kind. EMC disclaims all
warranties, either express or implied, including the warranties of
merchantability, fitness for a particular purpose, title and non-infringement. In
no event shall EMC or its suppliers be liable for any damages whatsoever
including direct, indirect, incidental, consequential, loss of business profits
or special damages, even if EMC or its suppliers have been advised of the
possibility of such damages. Some states do not allow the exclusion or limitation
of liability for consequential or incidental damages so the foregoing limitation
may not apply.

EMC Product Security Response Center
[email protected]
http://www.emc.com/contact-us/contact/product-security-response-center.htm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)

iEYEARECAAYFAk4gdTYACgkQtjd2rKp+ALzvwgCfRra9Q2OjDs9Nq2yvDmdR2WqG
zWIAn2R1lquLRvn9lbXFVFRbu97dJ58L
=j9JX
-----END PGP SIGNATURE-----

Related for SECURITYVULNS:DOC:26664