Computer Security


EMC Secure Remote Services Virtual Edition multiple security vulnerabilities
updated since 16.03.2015
Published: 24.08.2015
Source:
SecurityVulns ID: 14314
Type: remote
Threat Level: 5/10
Description: Code execution, SQL injection, buffer overflow.
Affected: EMC : EMC Secure Remote Services VS 3.04
 EMC : EMC Secure Remote Services Virtual Edition 3.03
CVE: CVE-2015-0544 (EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value.)
 CVE-2015-0543 (EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.)
 CVE-2015-0525 (The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors.)
 CVE-2015-0524 (SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.)
 CVE-2015-0235 (Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST.")
Original document: Securify B.V., Weak authentication in EMC Secure Remote Services Virtual Edition Web Portal (24.08.2015)
 Securify B.V., Insufficient certificate validation in EMC Secure Remote Services Virtual Edition (24.08.2015)
 EMC, ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities (05.07.2015)
 Securify B.V., Command injection vulnerability in EMC Secure Remote Services Virtual Edition (21.03.2015)
 Securify B.V., EMC Secure Remote Services Virtual Edition Provisioning component is affected by SQL injection (21.03.2015)
 EMC, ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities (16.03.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod