Ga naar hoofdinhoud
  • Snel en eenvoudig bestellen
  • Bestellingen en de verzendstatus bekijken
  • Een lijst met producten maken en openen
  • Beheer uw Dell EMC locaties, producten en contactpersonen op productniveau met Company Administration.

Artikelnummer: 000192046


DSA-2021-180: Dell PowerScale OneFS Security Update for Multiple Vulnerabilities.

Samenvatting: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article content


Impact

Medium

Gegevens

Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2021-36305 Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA may potentially exploit this vulnerability, leading to a denial of service over SMB. 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
 
Third-party Component CVE More information
FreeBSD CVE-2021-29626 https://nvd.nist.gov/vuln/detail/CVE-2021-29626
In OneFS, a copy-on-write logic failed to invalidate shared memory page mappings between multiple processes which amy allow an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel.
Proprietary Code CVE Description CVSS Base Score CVSS Vector String
CVE-2021-36305 Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA may potentially exploit this vulnerability, leading to a denial of service over SMB. 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
 
Third-party Component CVE More information
FreeBSD CVE-2021-29626 https://nvd.nist.gov/vuln/detail/CVE-2021-29626
In OneFS, a copy-on-write logic failed to invalidate shared memory page mappings between multiple processes which amy allow an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel.
Dell Technologies raadt aan dat alle klanten rekening houden met zowel de basisscore van CVSS als alle relevante tijdelijke en omgevingsscores die gevolgen kunnen hebben voor de mogelijke ernst van de specifieke beveiligingsproblemen.

Getroffen producten en herstel

CVEs Addressed  Affected Versions Updated Versions Link to Update
CVE-2021-36305 8.2.0, 8.2.1, 9.0.0.x, 9.2.0.x, and 9.1.1.x Upgrade your version of OneFS PowerScale OneFS Downloads Area
8.2.2, 9.1.0.x , and 9.2.1.x Download and install the latest RUP
CVE-2021-29626 8.2.0, 8.2.1, 9.0.0.x, 9.2.0.x, and 9.1.1.x Upgrade your version of OneFS
8.2.x, 9.1.0.x , and 9.2.1.x Download and install the latest RUP
CVEs Addressed  Affected Versions Updated Versions Link to Update
CVE-2021-36305 8.2.0, 8.2.1, 9.0.0.x, 9.2.0.x, and 9.1.1.x Upgrade your version of OneFS PowerScale OneFS Downloads Area
8.2.2, 9.1.0.x , and 9.2.1.x Download and install the latest RUP
CVE-2021-29626 8.2.0, 8.2.1, 9.0.0.x, 9.2.0.x, and 9.1.1.x Upgrade your version of OneFS
8.2.x, 9.1.0.x , and 9.2.1.x Download and install the latest RUP

Tijdelijke oplossingen en beperkingen

  Workarounds or Mitigations
CVE-2021-36305 Disabling Continuous Availability (CA) on all SMB shares that has it enabled prevents the issue.
CVE-2021-29626 Disallow ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_LOGIN_SSH privileges to non-administrative users.

Revisiegeschiedenis

RevisionDateDescription
1.030 Sep 2021 Initial Release

Verwante informatie

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


Artikeleigenschappen


Getroffen product

PowerScale OneFS, Product Security Information

Datum laatst gepubliceerd

15 feb 2022

Versie

2

Artikeltype

Dell Security Advisory