PT-2017-13432 · Emc · Emc Isilon Onefs

Published

2017-12-13

·

Updated

2019-10-03

·

CVE-2017-14380

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

EMC Isilon OneFS versions 7.1.1.x
EMC Isilon OneFS versions 7.2.0.x
EMC Isilon OneFS versions 7.2.1.0 through 7.2.1.5
EMC Isilon OneFS versions 8.0.0.0 through 8.0.0.4
EMC Isilon OneFS versions 8.0.1.0 through 8.0.1.1
EMC Isilon OneFS version 8.1.0.0
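The version ranges above are the only actionable data on this page, so here is an added example (not part of the advisory, nor vendor code) that turns them into a check an operator can run against a cluster's reported version: it parses the advisory's "x" wildcards and "through" ranges as inclusive bounds, extracts a four-part version string from text such as the output of `isi version` (the sample line is constructed; its exact format is an assumption), and reports exposure only when the cluster also runs in compliance mode, since the description limits the attack to a compadmin account on a compliance-mode cluster.

```python
import re

# Inclusive ranges copied from the advisory. "x" is a wildcard for any
# value in that position; a single-version entry repeats the version.
AFFECTED_RANGES = [
    ("7.1.1.x", "7.1.1.x"),
    ("7.2.0.x", "7.2.0.x"),
    ("7.2.1.0", "7.2.1.5"),
    ("8.0.0.0", "8.0.0.4"),
    ("8.0.1.0", "8.0.1.1"),
    ("8.1.0.0", "8.1.0.0"),
]

COMPONENTS = 4  # OneFS versions on this page are major.minor.patch.build


def parse_version(text):
    """'8.0.1.1' -> (8, 0, 1, 1); an 'x' component becomes None (wildcard).

    Missing trailing components are treated as wildcards so '8.0' means 8.0.x.x.
    """
    parts = []
    for piece in text.strip().split("."):
        parts.append(None if piece.lower() == "x" else int(piece))
    if len(parts) > COMPONENTS:
        raise ValueError("too many components: %r" % text)
    return tuple(parts + [None] * (COMPONENTS - len(parts)))


def _bound(parts, fill):
    # Replace wildcards with 0 for a lower bound or a huge value for an
    # upper bound so that plain tuple comparison implements the range test.
    return tuple(fill if p is None else p for p in parts)


def is_affected(version):
    """True if the concrete version lies inside any advisory range."""
    v = parse_version(version)
    if any(p is None for p in v):
        raise ValueError("need a concrete %d-part version, got %r" % (COMPONENTS, version))
    for lo, hi in AFFECTED_RANGES:
        if _bound(parse_version(lo), 0) <= v <= _bound(parse_version(hi), 10**9):
            return True
    return False


_VERSION_RE = re.compile(r"\bv?(\d+\.\d+\.\d+\.\d+)\b")


def version_from_text(text):
    """Pull the first a.b.c.d version out of free text (e.g. `isi version` output)."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no a.b.c.d version found in %r" % text)
    return m.group(1)


def exposure(version_text, compliance_mode):
    """Classify a cluster: 'exposed', 'patched-or-unlisted', or 'not-compliance-mode'.

    The advisory's attack requires a compadmin account on a compliance-mode
    cluster, so a non-compliance cluster is not exposed even on a listed version.
    """
    version = version_from_text(version_text)
    if not compliance_mode:
        return "not-compliance-mode"
    return "exposed" if is_affected(version) else "patched-or-unlisted"


if __name__ == "__main__":
    # Constructed sample; the real `isi version` line may differ in layout.
    sample = "Isilon OneFS v8.0.0.4 B_8_0_0_000(RELEASE): 0x800005000000000"
    print(version_from_text(sample), exposure(sample, compliance_mode=True))
```

The wildcard handling is what makes the "7.1.1.x" entries work: the lower bound becomes 7.1.1.0 and the upper bound 7.1.1.&lt;huge&gt;, so any build on that branch matches, while 7.1.0.9 and 7.1.2.0 do not.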
Description

A malicious user holding the compliance administrator (compadmin) account could exploit a vulnerability in the isi get itrace or isi get profile maintenance scripts to run an arbitrary shell script as root on a cluster running in compliance mode. This is a local attack that requires the compadmin credential; it escalates that account to full root and thereby breaks the separation that compliance mode is meant to enforce.
Recommendations

For all affected versions (EMC Isilon OneFS 7.1.1.x, 7.2.0.x, 7.2.1.0 through 7.2.1.5, 8.0.0.0 through 8.0.0.4, 8.0.1.0 through 8.0.1.1, and 8.1.0.0), consider disabling the isi get itrace and isi get profile maintenance scripts until a patch is available. This is a workaround, not a fix; since the attack requires the compadmin account, also limit who holds that credential while the scripts remain in place.

Fix

Weakness Enumeration

Improper Privilege Management (CWE-269)

Related Identifiers

CVE-2017-14380

Affected Products

Emc Isilon Onefs