EMC admin? Plug this hole before the holidays

Because we haven't yet fired SMBv1 into the Sun

By Richard Chirgwin

Posted in Security, 21st December 2017 04:56 GMT

Dell EMC has patched an SMBv1 bug in its Data Domain Deduplication and Data Protection software.

It's probably worth your time running the patch in, if you can, because as the advisory explained, it's a memory overflow that could open a system to remote code execution (RCE).

CVE-2017-14385 affects quite a few versions of the system: the Data Domain DD OS 5.7 family prior to 5.7.5.6; 6.0 versions prior to 6.0.2.9; 6.1 versions prior to 6.1.0.21; all versions of Data Domain Virtual Edition in 2.0, 3.0 prior to 3.0 SP2 Update 1, and 3.1 prior to 3.1 Update 2.

In its notice, Cisco expanded on the bug's impact: “An attacker could exploit this vulnerability by sending crafted SMBv1 packets to a targeted system. A successful exploit could trigger a memory overflow condition that the attacker could leverage to execute arbitrary code on the system. In addition, the attacker could also leverage this vulnerability to shut down the SMB service and Active Directory authentication, resulting in a DoS condition.”

If you can't patch immediately, external traffic to the system can be blocked at the firewall. Patches are available to registered users here. ®
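The DD OS version ranges listed above, turned into a triage check for an appliance inventory. This is an added example, not code from Dell EMC or the article; the version-string format (four dotted numbers with an optional build suffix), the hostnames and the sample inventory are assumptions, and Data Domain Virtual Edition releases are not handled.

```python
import re

# First fixed DD OS release per family, as listed in the article for CVE-2017-14385.
FIXED = {(5, 7): (5, 7, 5, 6), (6, 0): (6, 0, 2, 9), (6, 1): (6, 1, 0, 21)}

# Assumed version format: four dotted numbers, optional "-build" suffix.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-\d+)?$")


def triage(version):
    """Classify one DD OS version string against the article's ranges."""
    m = VERSION_RE.search(version.strip())
    if not m:
        return "unparsed"
    # Compare as integer tuples: as strings, "6.1.0.5" would sort after "6.1.0.21".
    parts = tuple(int(g) for g in m.groups())
    fixed = FIXED.get(parts[:2])
    if fixed is None:
        return "family-not-listed"  # no range given in the article; check the advisory
    return "vulnerable" if parts < fixed else "patched"


def triage_inventory(inventory):
    """Return {hostname: status} for a {hostname: version} mapping."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and build numbers are made up).
SAMPLE = {
    "dd-backup-01": "5.7.5.0-569395",
    "dd-backup-02": "Data Domain OS 6.0.2.9",
    "dd-backup-03": "6.1.0.5",
    "dd-backup-04": "6.1.0.21-579789",
    "dd-archive-01": "5.6.2.0",
    "dd-lab-01": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE).items()):
        print(f"{host:15} {SAMPLE[host]:28} {status}")
```

Hosts reported as `vulnerable`, `family-not-listed` or `unparsed` are the ones to keep behind the firewall block until their status is confirmed against the advisory.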
