CVE-2018-1203: Security Advisory and Response

Learn about CVE-2018-1203 affecting Dell EMC Isilon OneFS versions 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6. Discover mitigation steps and the impact of this vulnerability.

Dell EMC Isilon OneFS versions 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 are affected by an Incorrect Authorization vulnerability that allows unauthorized code execution with root privileges.

Understanding CVE-2018-1203

In Dell EMC Isilon OneFS, a vulnerability exists that enables unauthorized code execution with root privileges.

What is CVE-2018-1203?

In the affected versions of Isilon OneFS, the compadmin user can execute unauthorized code with root privileges by running the tcpdump binary with sudo.

The Impact of CVE-2018-1203

The vulnerability poses a significant risk as it allows unauthorized code execution with elevated privileges, potentially leading to system compromise.

Technical Details of CVE-2018-1203

This section covers the technical aspects of the vulnerability in Isilon OneFS.

Vulnerability Description

In affected versions of Isilon OneFS, compadmin can run the tcpdump binary with root privileges, and the binary can potentially be used to execute unauthorized code.

Affected Systems and Versions

        Product: Isilon OneFS
        Vendor: Dell EMC
        Affected Versions: 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6

Exploitation Mechanism

        The compadmin runs the tcpdump binary with sudo
        Unauthorized code execution with root privileges is possible

Mitigation and Prevention

The following steps mitigate the CVE-2018-1203 vulnerability in Isilon OneFS.

Immediate Steps to Take

        Apply vendor-supplied patches promptly
        Monitor for any unauthorized system access
        Restrict compadmin privileges to mitigate risks
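
One way to support the monitoring step above, as an added example that is not part of the original advisory or Dell EMC's guidance: a parser for the standard sudo syslog record format that flags every tcpdump run compadmin made as root, so each invocation can be reviewed. The log lines, host name, paths and interface names are constructed samples, and the function names are hypothetical.

```python
import re

# Standard sudo syslog layout:
#   <ts> <host> sudo: <account> : TTY=.. ; PWD=.. ; USER=<runas> ; COMMAND=<cmd>
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssudo(?:\[\d+\])?:\s+"
    r"(?P<account>\S+)\s:\s(?P<fields>.*)$"
)

# Constructed sample lines (host, paths and interfaces are illustrative only).
SAMPLE_LOG = [
    "Mar 13 09:14:07 isilon-1 sudo: compadmin : TTY=pts/0 ; PWD=/ifs/home/compadmin ; USER=root ; COMMAND=/usr/sbin/tcpdump -i em0 -c 100",
    "Mar 13 09:15:22 isilon-1 sudo: compadmin : TTY=pts/0 ; PWD=/ifs/home/compadmin ; USER=root ; COMMAND=/usr/bin/isi status",
    "Mar 13 09:20:41 isilon-1 sudo: admin2 : TTY=pts/1 ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/tcpdump -i em1",
    "Mar 13 09:21:00 isilon-1 sshd[411]: Accepted publickey for compadmin",
]

def parse_sudo_line(line):
    """Return a dict for a sudo command record, or None for any other line."""
    m = SUDO_RE.match(line.strip())
    if not m:
        return None
    # COMMAND is always the last field and may contain ';', so split it off first.
    head, sep, command = m["fields"].partition("COMMAND=")
    if not sep or not command.strip():
        return None
    event = {"ts": m["ts"], "host": m["host"], "account": m["account"],
             "command": command.strip(), "runas": None}
    for part in head.split(";"):
        key, eq, value = part.strip().partition("=")
        if eq and key == "USER":
            event["runas"] = value
    return event

def find_tcpdump_as_root(lines, account="compadmin"):
    """Flag sudo records where `account` ran a binary named tcpdump as root."""
    hits = []
    for line in lines:
        ev = parse_sudo_line(line)
        if not ev or ev["account"] != account or ev["runas"] != "root":
            continue
        binary = ev["command"].split()[0].rsplit("/", 1)[-1]
        if binary == "tcpdump":
            hits.append(ev)
    return hits

if __name__ == "__main__":
    for ev in find_tcpdump_as_root(SAMPLE_LOG):
        print(f"{ev['ts']} {ev['host']} {ev['account']} -> {ev['command']}")
```

On patched systems the same check remains useful as a record of who captured traffic and when.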

Long-Term Security Practices

        Regularly update and patch Isilon OneFS
        Implement least privilege access controls
        Conduct security training for system administrators

Patching and Updates

        Dell EMC provides patches to address the vulnerability
        Regularly check for and apply security updates from the vendor
