PT-2017-13433 · Emc · Emc Data Domain Os+1
Published: 2017-12-20 · Updated: 2018-01-12 · CVE-2017-14385
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
EMC Data Domain DD OS versions prior to 5.7.5.6
EMC Data Domain DD OS versions prior to 6.0.2.9
EMC Data Domain DD OS versions prior to 6.1.0.21
EMC Data Domain Virtual Edition 2.0 family, all versions
EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1
EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2
Description
A memory overflow in the SMBv1 component of EMC Data Domain DD OS can potentially be exploited by an unauthenticated remote attacker. Exploitation could lead to a complete shutdown of both the SMB service and Active Directory authentication, and may also enable remote code injection and execution.
Recommendations
For EMC Data Domain DD OS versions prior to 5.7.5.6, update to version 5.7.5.6 or later.
For EMC Data Domain DD OS versions prior to 6.0.2.9, update to version 6.0.2.9 or later.
For EMC Data Domain DD OS versions prior to 6.1.0.21, update to version 6.1.0.21 or later.
For EMC Data Domain Virtual Edition 2.0 family, consider upgrading to a newer version.
For EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1, update to 3.0 SP2 Update 1 or later.
For EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2, update to 3.1 Update 2 or later.
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Emc Data Domain Os
Emc Data Domain Virtual Edition