About restricted folders

On April 10, 2014, EMC announced CVE-2014-0642:

EMC Documentum Content Server may be vulnerable to an information disclosure vulnerability that may potentially be exploited by malicious users to gain unauthorized access to metadata. This is due to improper authorization checks being performed when trying to access metadata from folders outside of restricted folders configured for Content Server users. This vulnerability is only limited to reading the metadata as the malicious user is not able to gain read/write access to the content itself.

The researcher who found this vulnerability is Yuri Simione; he is even going to publish an “exploit” (however, it took me 10 minutes to understand how to exploit the vulnerability, but I’m not going to publish any related information). Initially I was confused by the following: Yuri writes that he discovered the vulnerability in January 2014, and EMC has written that the vulnerability is fixed in CS7.1SP2 (released on March 1, 2014), so it took just one month to fix the vulnerability (note that using the restricted folders feature causes wrong results for some queries). EMC has been trying to fix multiple XSRFs for more than a year and still has not had any success, and the privilege escalation vulnerabilities I discovered in November 2013 are still not fixed, but it’s worth fixing low-impact vulnerabilities within a month. What a shame!