D2 ESA for Information Disclosure and Privilege Escalation Vulnerability

EMC released ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities, detailing two important vulnerabilities of the D2 platform that are corrected by the most recent patches (D2 v4.1 P22 and D2 v4.2 P11). The first vulnerability could allow a low-privileged user to retrieve an MD5 hash of important user and system credentials from log files. This hash could potentially be reverse-engineered to recover credentials. The second vulnerability could allow a low-privileged user to gain superuser status through group manipulation via a flaw in D2FS.

In addition, if you use Microsoft Explorer, you need to know about this vulnerability, which could allow an attacker to steal your login credentials.

 

 


About Scott
I have been implementing Documentum solutions since 1997. In 2005, I published a book about developing Documentum solutions for the Documentum Desktop Client (ISBN 0595339689). In 2010, I began this blog as a record of interesting and (hopefully) helpful bits of information related to Documentum, and as a creative outlet.
