D2 ESA for Information Disclosure and Privilege Escalation Vulnerability

EMC released ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities, detailing two important vulnerabilities in the D2 platform that are corrected by the most recent patches (D2 v4.1 P22 and D2 v4.2 P11). The first vulnerability could allow a low-privileged user to retrieve an MD5 hash of important user and system credentials from log files. This hash could potentially be reverse-engineered to recover credentials. The second vulnerability could allow a low-privileged user to gain superuser status through group manipulation via a flaw in D2FS.

In addition, if you use Microsoft Explorer, you need to know about this vulnerability, which could allow an attacker to steal your login credentials.

 

 
