PROBLEM:
EMC Celerra/VNX/VNXe Access Control Bug Lets Remote Authenticated Users Access Files/Directories
PLATFORM:
EMC Celerra Network Server versions 6.0.36.4 through 6.0.60.2
EMC VNX versions 7.0.12.0 through 7.0.53.1
EMC VNXe 2.0 (including SP1, SP2, and SP3)
EMC VNXe MR1 (including SP1, SP2, SP3, and SP3.1)
EMC VNXe MR2 (including SP0.1)
ABSTRACT:
A vulnerability was reported in EMC Celerra/VNX/VNXe. A remote authenticated user can access files and directories on the target file system.
reference LINKS:
The Vendor's Advisory
SecurityTracker Alert ID: 1027242
EMC Identifier: ESA-2012-027
CVE-2012-2282
IMPACT ASSESSMENT:
High
Discussion:
In certain circumstances, NFS v2/3/4 clients with network access to exported file systems may be able to gain unauthorized access to files or directories in that file system due to access control issues.
Impact:
A remote authenticated user can access files and directories on the target system.
Solution:
The vendor has issued a fix.
EMC Celerra Network Server Version 6.0.61.0
EMC VNX Operating Environment for File Version 7.0.53.2
EMC VNXe MR1 SP3.2 (2.1.3.19077)
EMC VNXe MR2 SP0.2 (2.2.0.19078)