EMC admin? Plug this hole before the holidays
Because we haven't set fired SMBv1 into the Sun
Dell EMC has patched an SMBv1 bug in its Data Domain Deduplication and Data Protection software.
It's probably worth your time running the patch in, if you can, because as the advisory explained, it's a memory overflow that could open a system to remote code execution (RCE).
CVE-2017-14385 affects quite a few versions of the system: the Data Domain DD OS 5.7 family prior to 22.214.171.124; 6.0 versions prior to 126.96.36.199; 6.1 versions prior to 188.8.131.52; all versions of Data Domain Virtual Edition in 2.0, 3.0 prior to 3.0 SP2 Update 1, and 3.1 prior to 3.1 Update 2.
In its notice, Cisco expanded on the bug's impact: “An attacker could exploit this vulnerability by sending crafted SMBv1 packets to a targeted system. A successful exploit could trigger a memory overflow condition that the attacker could leverage to execute arbitrary code on the system. In addition, the attacker could also leverage this vulnerability to shut down the SMB service and Active Directory authentication, resulting in a DoS condition.”
If you can't patch immediately, external traffic to the system can be blocked at the firewall. Patches are available to registered users here. ®