EMC AppSync Host Plug-In 3.5 Denial Of Service

EMC AppSync host plug-in on Windows platform includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions 3.5 and below are affected.


MD5 | 0dc5c768a6b91e7f30ed970745210698

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

ESA-2017-115: EMC AppSync Host Plug-in Denial of Service Vulnerability

EMC Identifier: ESA-2017-115
CVE Identifier: CVE-2017-8018
Severity Rating: CVSS v3 Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected products:
EMC AppSync host plug-in versions 3.5 and below (Windows platform only)

Summary:
EMC AppSync host plug-in on Windows platform includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Details:
EMC AppSync Host Plug-in (AppSync agent) on Windows platforms may be vulnerable when processing a large amount of network packets. An unauthenticated remote attacker can send specifically crafted packets to the vulnerable service (port 10004) and cause denial of service situation.

Resolution:
* Upgrade to EMC AppSync Host Plug-in version 3.1 followed by deploying Host Plug-in patch version 3.1.0.3 on top of 3.1
* Upgrade to EMC AppSync Host Plug-in version 3.5 followed by deploying with AppSync security update for Windows Host Plug-in Denial of Service Vulnerability Hot Fix at location on top of 3.5
EMC recommends all customers upgrade at the earliest opportunity.

Customers are advised to follow security best practices and block all traffic to AppSync agents by default and explicitly allow only specific traffic from known AppSync servers. This strategy provides good control over the traffic and helps minimize the attack surface. See EMC AppSync Security Configuration Guide for more information.

Link to remedies:

Customers can download software from https://support.emc.com/downloads/25364_AppSync

Credits:
EMC would like to thank Fortinet's FortiGuard Labs for reporting this vulnerability.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJZypKRAAoJEHbcu+fsE81ZR4MIAIHWM1fI80GG4W5YdHzJ8IaB
2xsgNOV6VeXkBgS+1HhEpolV4kKUP02qExULO0qTTqf/5pEdefnNrYZkh6PdS8s6
WFle4+srPgcxZr0WFDEZRzDpc0TyczaL6lR6a9x6a6uU4Lrit/ZwUdEduQEt3nM1
IFd7f5FBvyNt5cY77pJellKi7XPwpaWKy2NWl1+lKqabc1tSHNkyGqyqIUJ58hbG
zyEVsJ1jEtEb0YEB7TKj1ICzayGeuIqq01zi5SzOTaPP7LCPYSzK2fzaSyzL6VwY
IwlUvFkJCkJXMwA34GYInr19f3psvZL7r9hiRspijs3A5VPk5EGHT/1SOcKduzo=
=LLed
-----END PGP SIGNATURE-----



Related Posts

Comments