Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Friday January 12, @02:44AM   Printer-friendly
from the update-early-and-often dept.

While everyone was screaming about Meltdown and Spectre, another urgent security fix was already in progress for many corporate data centers and cloud providers who use products from Dell's EMC and VMware units. A trio of critical, newly reported vulnerabilities in EMC and VMware backup and recovery tools—EMC Avamar, EMC NetWorker, EMC Integrated Data Protection Appliance, and vSphere Data Protection—could allow an attacker to gain root access to the systems or to specific files, or inject malicious files into the server's file system. These problems can only be fixed with upgrades. While the EMC vulnerabilities were announced late last year, VMware only became aware of its vulnerability last week.

[...] For those familiar with the architecture of these products, the vulnerabilities may not be a surprise—EMC Avamar and the other applications use Apache Tomcat, which was patched multiple times last year to address critical security vulnerabilities. However, it's not clear whether these patches were incorporated into earlier updates of the EMC and VMware products or if any of the bugs just fixed in updates of the EMC/VMware products were Tomcat related.

Source: https://arstechnica.com/information-technology/2018/01/emc-vmware-security-bugs-throw-gasoline-on-cloud-security-fire/


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: -1, Spam) by Anonymous Coward on Friday January 12, @03:06AM (1 child)

    by Anonymous Coward on Friday January 12, @03:06AM (#621237)

    Utilize like this! Utilize like this! Get rapenant, get rapenant! Ahhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh, too good! It's a rancid, pinworm-infested feces fiesta!

    Starting Score:    0  points
    Moderation   -1  
       Spam=1, Total=1
    Extra 'Spam' Modifier   0  

    Total Score:   -1  
  • (Score: 0) by Anonymous Coward on Friday January 12, @03:41AM

    by Anonymous Coward on Friday January 12, @03:41AM (#621244)

    Spam but not far from truth. Wonder how long the NSA sat on these before finding People to discover them. hope my tinfoil is just on tight. Hmm.... tomorrow's stories to confuse consumers.... rohingya? North Korea? follow the 11 pointed star. she knows De wae