
Ghost of Windows NT haunts EMC's VNX, Celerra and Avamar

EMC's just figured out it has a problem with a bug Microsoft squashed in 2010

EMC has patched a six-year-old Windows bug that's popped up in its VNX and Celerra storage kit.

Its NTLM implementation – yes, that really does stand for “NT LAN Manager”; protocols last much longer than products – is at risk because the authentication nonce comes from a weak random number generator. Microsoft fixed its implementation in 2010.

The low-entropy nonce generation means that if an attacker fires enough authentication requests at the system, the system might generate a nonce that duplicates one issued to an authenticated user.

That allows an attacker to log into the SMB (Server Message Block) service with whatever rights belong to the “real” user.
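To see why nonce entropy matters here, the following added example (not code from EMC, Microsoft or the advisory) computes the birthday-bound chance of a repeated challenge and audits a capture of server challenges for repeats that a sound generator would almost never produce. The 16-bit effective entropy of the weak sample, the 5,000-sample capture size and the `1e-6` threshold are assumptions chosen for illustration; the article does not state how weak the affected generator is.

```python
import math
import os
import random
from collections import Counter

NTLM_CHALLENGE_BITS = 64  # the NTLM server challenge is 8 bytes


def collision_probability(samples, entropy_bits):
    """Birthday bound: chance that at least two of `samples` nonces coincide."""
    space = 2.0 ** entropy_bits
    return -math.expm1(-samples * (samples - 1) / (2.0 * space))


def repeated_challenges(challenges):
    """Map each challenge seen more than once to the number of times it appeared."""
    return {c: n for c, n in Counter(challenges).items() if n > 1}


def audit(challenges, expected_bits=NTLM_CHALLENGE_BITS):
    """Flag a capture whose repeats are implausible for a sound generator."""
    dupes = repeated_challenges(challenges)
    p_sound = collision_probability(len(challenges), expected_bits)
    return {
        "samples": len(challenges),
        "repeated_values": len(dupes),
        "p_repeat_if_sound": p_sound,
        "suspect": bool(dupes) and p_sound < 1e-6,  # threshold is an assumption
    }


def constructed_weak_capture(count=5000, effective_bits=16, seed=1):
    """Constructed data: 8-byte challenges carrying only `effective_bits` of entropy."""
    rng = random.Random(seed)
    return [rng.getrandbits(effective_bits).to_bytes(8, "big") for _ in range(count)]


def constructed_sound_capture(count=5000):
    """Constructed data: 8-byte challenges drawn from the OS CSPRNG."""
    return [os.urandom(8) for _ in range(count)]


if __name__ == "__main__":
    for name, capture in (("weak", constructed_weak_capture()),
                          ("sound", constructed_sound_capture())):
        print(name, audit(capture))
```
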

The advisory lists EMC VNX2 software in versions older than 8.1.9.155; VNX1 prior to 7.1.80.3; all VNXe versions; and all versions of the no-longer-sold Celerra.

If you're an EMC Avamar admin, there's no need to feel left out: server versions prior to 7.3.0-233 get a patch covering five vulnerabilities:

  • CVE-2016-0903 – improper client authentication;
  • CVE-2016-0904 – improper comms encryption;
  • CVE-2016-0905 – privilege escalation via sudo;
  • CVE-2016-0920 – sudo script command injection; and
  • CVE-2016-0921 – privilege escalation because of weak file permissions.

EMC customers can get the updates here. ®
