DSA-2020-153: Dell EMC OpenManage Enterprise Tar File Extraction Vulnerability


DSA-2020-153: Dell EMC OpenManage Enterprise Tar File Extraction Vulnerability


DSA ID: DSA-2020-153

CVE Identifier: CVE-2020-5370

Severity: High

Severity Rating: CVSSv3 Base Score: 7.9 (AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L)

Affected products:
  • Dell EMC OpenManage Enterprise (OME) versions prior to 3.4

Summary:
Dell EMC OpenManage Enterprise (OME) has been updated to address a vulnerability that may be exploited to compromise the affected systems.

Details:
  • Improper Control of Generation of Code (‘Code Injection’) (CVE-2020-5370)
Dell EMC OpenManage Enterprise (OME) versions prior to 3.4 contain an arbitrary file overwrite vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to overwrite arbitrary files via directory traversal sequences using a crafted tar file to inject malicious RPMs which may cause a denial of service or perform unauthorized actions.

Resolution:
The following Dell EMC OpenManage Enterprise (OME) release contain the resolution to the vulnerability:
  • Dell EMC OpenManage Enterprise (OME) 3.4 and later

Dell EMC recommends all customers upgrade at the earliest opportunity.

Link to remedies:

Customers can download for PowerEdge servers. For all other platforms, please select the platform from the Dell support site.

Dell recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.






Artikel-ID: SLN322045

Datum der letzten Änderung: 07/02/2020 10:35 AM

Diesen Artikel bewerten

Präzise
Nützlich
Leicht verständlich
War dieser Artikel hilfreich?
0/3000 characters
Bitte geben Sie eine Bewertung ab (1 bis 5 Sterne).
Bitte geben Sie eine Bewertung ab (1 bis 5 Sterne).
Bitte geben Sie eine Bewertung ab (1 bis 5 Sterne).
Bitte geben Sie an, ob der Artikel hilfreich war.
Die folgenden Sonderzeichen dürfen in Kommentaren nicht verwendet werden: <>()\
verbleibende Zeichen