EMC slings patch at remote hack nonce-nse
Smells like 2010
Remote attackers can hose EMC hybrid flash storage thanks to cryptographic weaknesses.
The patched vulnerability (CVE-2016-0917) affects EMC's VNX1, VNX2 and VNXe systems, including the end-of-life Celerra which will not receive a fix.
EMC researchers wrote in a security notice that remote attackers could access the SMB service using administrator credentials by messing with authentication protocols such that duplicate cryptographic nonces are produced.
"An unauthenticated remote attacker may potentially exploit the NTLM challenge-response authentication protocol causing the server to generate duplicate challenges / nonces to potentially access the SMB service of the target system under the credentials of an authorised user," they wrote in the advisory.
"Depending on the privileges of the user, the attacker may be able to obtain and modify files on the target system and execute arbitrary code."
It said the vulnerability was is similar to a flaw (CVE-2010-0231) Microsoft patched in 2010 that resulted in elevation of privelege against Windows platforms.
"An unauthenticated elevation of privilege vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles authentication attempts. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending large amounts of authentication requests to the SMB server. An attacker who successfully exploited this vulnerability could access the SMB service on the target user under the credentials of an authorised user."
EMC says all affected users should upgrade immediately. If you've got Celerra kit, switch to Kerberos authentication instead of NTLM. ®