CVE-2016-0917

Name of the Vulnerable Software and Affected Versions EMC VNXe3200 Operating Environment versions prior to 3.1.5.8711957 EMC VNXe3100/3150/3300 Operating Environment versions prior to 2.4.4.22638 VNX1 File OE versions prior to 7.1.80.3 VNX2 File OE versions prior to 8.1.9.155 Celerra (all supported versions)

Description The SMB service does not prevent duplicate NTLM challenge-response nonces, making it easier for remote attackers to execute arbitrary code, or read or write to files, via a series of authentication requests.

Recommendations For EMC VNXe3200 Operating Environment versions prior to 3.1.5.8711957, update to version 3.1.5.8711957 or later. For EMC VNXe3100/3150/3300 Operating Environment versions prior to 2.4.4.22638, update to version 2.4.4.22638 or later. For VNX1 File OE versions prior to 7.1.80.3, update to version 7.1.80.3 or later. For VNX2 File OE versions prior to 8.1.9.155, update to version 8.1.9.155 or later. For Celerra, contact the vendor for a fix, as all supported versions are affected.