DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability
CVE-2018-11071

7.5HIGH

Key Information:

Vendor: Dell
Status: Isilon Onefs; Isilonsd Edge
Vendor: CVE Published:; 18 September 2018

Summary

Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted.

Affected Version(s)

Isilon OneFS 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x < 8.1.2

IsilonSD Edge 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x < 8.1.2

References

https://seclists.org/fulldisclosure/2018/Sep/19

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 18, 2018
Vulnerability Reserved
May 14, 2018

Credit

Dell EMC would like to thank Honggang Ren of Fortinet's FortiGuard Labs for reporting this vulnerability.