Information Security


Multiple security vulnerabilities in EMC Secure Remote Services Virtual Edition
updated since March 16, 2015
Published: August 24, 2015
Source:
SecurityVulns ID: 14314
Type: remote
Severity: 5/10
Description: Buffer overflow, SQL injection, code injection.
Affected products: EMC : EMC Secure Remote Services VS 3.04
 EMC : EMC Secure Remote Services Virtual Edition 3.03
CVE: CVE-2015-0544 (EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value.)
 CVE-2015-0543 (EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.)
 CVE-2015-0525 (The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors.)
 CVE-2015-0524 (SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.)
 CVE-2015-0235 (Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST.")
Original text: Securify B.V., Weak authentication in EMC Secure Remote Services Virtual Edition Web Portal (24.08.2015)
 Securify B.V., Insufficient certificate validation in EMC Secure Remote Services Virtual Edition (24.08.2015)
 EMC, ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities (05.07.2015)
 Securify B.V., Command injection vulnerability in EMC Secure Remote Services Virtual Edition (21.03.2015)
 Securify B.V., EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection (21.03.2015)
 EMC, ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities (16.03.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod