Documentum ESA for Multiple Vulnerabilities

EMC published ESA-2014-105: EMC Documentum Content Server Multiple Vulnerabilities. The vulnerabilities are:

  • LDAP Authentication Bypass – Documentum Content Server configured with LDAP with the “bind_search_dn” option set as the authentication source may be subject to a potential authentication bypass vulnerability due to improper error handling within the LDAP plug-in. A malicious user with knowledge of a valid user name can leverage this vulnerability to access Documentum Content Server.
  • Privilege Escalation – Unprivileged Content Server users may potentially escalate their privileges to become a superuser by creating and performing malicious operations on dm_job and dm_job_request objects. This is due to improper authorization checks being performed on such objects and some of their attributes.
  • Multiple OpenSSL Vulnerabilities – The OpenSSL project released a security advisory on August 6, 2014 disclosing multiple vulnerabilities in OpenSSL that may potentially affect EMC Documentum Content Server customers.

The products affected are:

  • Documentum Content Server versions of 7.1
  • Documentum Content Server versions of 7.0
  • Documentum Content Server versions of 6.7 SP2
  • Documentum Content Server versions of 6.7 SP1
  • Documentum Content Server versions prior to 6.7 SP1

The resolutions are contained in the following patches:

  • EMC Documentum Content Server version 7.1 P09 and later
  • EMC Documentum Content Server version 7.0 P16 and later
  • EMC Documentum Content Server version 6.7 SP2 P18 and later
  • EMC Documentum Content Server version 6.7 SP1 P29 and later
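
As an added example (not from this post or from EMC), here is a small triage helper that checks inventory version strings against the fixed patch levels listed above. It assumes versions are written in the same notation as this post, such as `6.7 SP2 P18`; the function name `triage` and the sample hostnames are made up for illustration.

```python
import re

# Minimum fixed patch level per release line, taken from the list above.
FIXED_IN = {
    ("7.1", 0): 9,    # 7.1 P09
    ("7.0", 0): 16,   # 7.0 P16
    ("6.7", 2): 18,   # 6.7 SP2 P18
    ("6.7", 1): 29,   # 6.7 SP1 P29
}

# Assumed input notation (same as the post): "<major.minor> [SP<n>] [P<nn>]"
VERSION_RE = re.compile(r"^\s*(\d+\.\d+)(?:\s+SP(\d+))?(?:\s+P(\d+))?\s*$", re.I)


def triage(version):
    """Return (status, detail) for one Content Server version string."""
    m = VERSION_RE.match(version)
    if not m:
        return ("unknown", "unrecognized version string")
    release = m.group(1)
    sp = int(m.group(2) or 0)
    patch = int(m.group(3) or 0)  # no P<nn> suffix is treated as the unpatched base
    major, minor = (int(x) for x in release.split("."))
    # Anything older than 6.7 SP1 is listed as affected, with no patch named.
    if (major, minor, sp) < (6, 7, 1):
        return ("affected", "prior to 6.7 SP1; no fixed patch listed in the post")
    fixed = FIXED_IN.get((release, sp))
    if fixed is None:
        return ("unknown", "release line not covered by the post")
    if patch >= fixed:
        return ("patched", f"at or above P{fixed:02d}")
    return ("affected", f"needs P{fixed:02d} or later")


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {
    "cs-prod-01": "7.1 P08",
    "cs-prod-02": "7.1 P09",
    "cs-arch-01": "6.7 SP2 P18",
    "cs-old-01": "6.5 SP3 P12",
    "cs-dev-01": "7.0",
}

if __name__ == "__main__":
    for host, ver in INVENTORY.items():
        status, detail = triage(ver)
        print(f"{host:12} {ver:14} {status:9} {detail}")
```

Release lines that are not named in the post come back as `unknown` rather than `patched`, so they are flagged for manual review.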

About Scott
I have been implementing Documentum solutions since 1997. In 2005, I published a book about developing Documentum solutions for the Documentum Desktop Client (ISBN 0595339689). In 2010, I began this blog as a record of interesting and (hopefully) helpful bits of information related to Documentum, and as a creative outlet.
