Vulnerability-Lookup

CNVD-2017-00319

Vulnerability from cnvd - Published: 2017-01-11

Title

EMC ScaleIO本地权限提升漏洞

Description

EMC ScaleIO是一款软件定义的解决方案，可利用用户现有硬件或 EMC 服务器将现有 DAS 存储转换为共享数据块存储。 EMC ScaleIO存在本地权限提升漏洞。本地攻击者利用该漏洞可以在ScaleIO Data Client 服务器上以根权限执行任意代码。

Severity

中

Patch Name

EMC ScaleIO本地权限提升漏洞的补丁

Patch Description

EMC ScaleIO是一款软件定义的解决方案，可利用用户现有硬件或 EMC 服务器将现有 DAS 存储转换为共享数据块存储。 EMC ScaleIO存在本地权限提升漏洞。本地攻击者利用该漏洞可以在ScaleIO Data Client 服务器上以根权限执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： http://www.securityfocus.com/archive/1/539983

Reference

http://www.securityfocus.com/bid/95300

Impacted products

Name
EMC EMC ScaleIO 0

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95300"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-9867",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9867"
    }
  },
  "description": "EMC ScaleIO\u662f\u4e00\u6b3e\u8f6f\u4ef6\u5b9a\u4e49\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u53ef\u5229\u7528\u7528\u6237\u73b0\u6709\u786c\u4ef6\u6216 EMC \u670d\u52a1\u5668\u5c06\u73b0\u6709 DAS \u5b58\u50a8\u8f6c\u6362\u4e3a\u5171\u4eab\u6570\u636e\u5757\u5b58\u50a8\u3002\r\n\r\nEMC ScaleIO\u5b58\u5728\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u5728ScaleIO Data Client \u670d\u52a1\u5668\u4e0a\u4ee5\u6839\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "David BERARD, from the Ubisoft Security \u0026 Risk Management team",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.securityfocus.com/archive/1/539983",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-00319",
  "openTime": "2017-01-11",
  "patchDescription": "EMC ScaleIO\u662f\u4e00\u6b3e\u8f6f\u4ef6\u5b9a\u4e49\u7684\u89e3\u51b3\u65b9\u6848\uff0c\u53ef\u5229\u7528\u7528\u6237\u73b0\u6709\u786c\u4ef6\u6216 EMC \u670d\u52a1\u5668\u5c06\u73b0\u6709 DAS \u5b58\u50a8\u8f6c\u6362\u4e3a\u5171\u4eab\u6570\u636e\u5757\u5b58\u50a8\u3002\r\n\r\nEMC ScaleIO\u5b58\u5728\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u5728ScaleIO Data Client \u670d\u52a1\u5668\u4e0a\u4ee5\u6839\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "EMC ScaleIO\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "EMC EMC ScaleIO 0"
  },
  "referenceLink": "http://www.securityfocus.com/bid/95300",
  "serverity": "\u4e2d",
  "submitTime": "2017-01-10",
  "title": "EMC ScaleIO\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2016-9867 (GCVE-0-2016-9867)

Vulnerability from cvelistv5 – Published: 2017-01-06 22:00 – Updated: 2024-08-06 03:07

Summary

An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers.

Severity ?

No CVSS data available.

CWE

Privilege escalation vulnerability

Assigner

dell

References

URL

Tags

	http://www.securityfocus.com/bid/95300	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/539983/30/…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	EMC ScaleIO versions before 2.0.1.1	Affected: EMC ScaleIO versions before 2.0.1.1

Date Public ?

2017-01-06 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:07:30.158Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "95300",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95300"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/539983/30/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EMC ScaleIO versions before 2.0.1.1",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "EMC ScaleIO versions before 2.0.1.1"
            }
          ]
        }
      ],
      "datePublic": "2017-01-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege escalation vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-09T10:57:01.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "95300",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95300"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.securityfocus.com/archive/1/539983/30/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2016-9867",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EMC ScaleIO versions before 2.0.1.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "EMC ScaleIO versions before 2.0.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege escalation vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95300",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95300"
            },
            {
              "name": "http://www.securityfocus.com/archive/1/539983/30/0/threaded",
              "refsource": "CONFIRM",
              "url": "http://www.securityfocus.com/archive/1/539983/30/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2016-9867",
    "datePublished": "2017-01-06T22:00:00.000Z",
    "dateReserved": "2016-12-06T00:00:00.000Z",
    "dateUpdated": "2024-08-06T03:07:30.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-00319

CVE-2016-9867 (GCVE-0-2016-9867)

Tags

Sightings

Nomenclature