Exploit the possiblities

EMC AppSync Host Plug-In 3.5 Denial Of Service

EMC AppSync Host Plug-In 3.5 Denial Of Service
Posted Sep 28, 2017
Site emc.com

EMC AppSync host plug-in on Windows platform includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions 3.5 and below are affected.

tags | advisory, denial of service
systems | windows
advisories | CVE-2017-8018
MD5 | 0dc5c768a6b91e7f30ed970745210698

EMC AppSync Host Plug-In 3.5 Denial Of Service

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

ESA-2017-115: EMC AppSync Host Plug-in Denial of Service Vulnerability

EMC Identifier: ESA-2017-115
CVE Identifier: CVE-2017-8018
Severity Rating: CVSS v3 Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected products:
EMC AppSync host plug-in versions 3.5 and below (Windows platform only)

Summary:
EMC AppSync host plug-in on Windows platform includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Details:
EMC AppSync Host Plug-in (AppSync agent) on Windows platforms may be vulnerable when processing a large amount of network packets. An unauthenticated remote attacker can send specifically crafted packets to the vulnerable service (port 10004) and cause denial of service situation.

Resolution:
* Upgrade to EMC AppSync Host Plug-in version 3.1 followed by deploying Host Plug-in patch version 3.1.0.3 on top of 3.1
* Upgrade to EMC AppSync Host Plug-in version 3.5 followed by deploying with AppSync security update for Windows Host Plug-in Denial of Service Vulnerability Hot Fix at location on top of 3.5
EMC recommends all customers upgrade at the earliest opportunity.

Customers are advised to follow security best practices and block all traffic to AppSync agents by default and explicitly allow only specific traffic from known AppSync servers. This strategy provides good control over the traffic and helps minimize the attack surface. See EMC AppSync Security Configuration Guide for more information.

Link to remedies:

Customers can download software from https://support.emc.com/downloads/25364_AppSync

Credits:
EMC would like to thank Fortinet's FortiGuard Labs for reporting this vulnerability.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJZypKRAAoJEHbcu+fsE81ZR4MIAIHWM1fI80GG4W5YdHzJ8IaB
2xsgNOV6VeXkBgS+1HhEpolV4kKUP02qExULO0qTTqf/5pEdefnNrYZkh6PdS8s6
WFle4+srPgcxZr0WFDEZRzDpc0TyczaL6lR6a9x6a6uU4Lrit/ZwUdEduQEt3nM1
IFd7f5FBvyNt5cY77pJellKi7XPwpaWKy2NWl1+lKqabc1tSHNkyGqyqIUJ58hbG
zyEVsJ1jEtEb0YEB7TKj1ICzayGeuIqq01zi5SzOTaPP7LCPYSzK2fzaSyzL6VwY
IwlUvFkJCkJXMwA34GYInr19f3psvZL7r9hiRspijs3A5VPk5EGHT/1SOcKduzo=
=LLed
-----END PGP SIGNATURE-----


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    8 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close