New joke about security from EMC

Today EMC announced a new security advisory:

According to the release notes, Content Server got the following security “improvements” in 7.2:

I have no idea what “dm_crypto_boot utility is enhanced to load an AEK into the shared memory” is supposed to mean, because this capability has existed in Content Server for a long time; for example, here is a quote from the 6.7 Admin Guide:

So “dm_crypto_boot utility is enhanced to load an AEK into the shared memory” is not a security enhancement (actually, folks told me that the installer now enforces entering a passphrase for aek.key during installation), and the only real enhancement is support for RSA Lockbox. Moreover, according to EMC it is the only option to “prevent” the aek.key file from being hijacked, but if you read my post about CVE-2014-2515 carefully, you already know that RSA Lockbox does not introduce any security features: to open an RSA Lockbox on another machine it is enough to hijack the following files from the victim machine:

  • /etc/sysconfig/network – to get the hostname
  • /etc/udev/rules.d/70-persistent-net.rules – to get information about the network interfaces
  • /etc/sysconfig/network-scripts/ifcfg-*, /var/lib/dhclient/dhclient*.leases – to get more information about the network interfaces
  • /proc/version, /proc/swaps, /proc/cpuinfo, /proc/partitions – RSA Lockbox uses these files to bind itself to a specific machine

In the next post I’m going to demonstrate how it works.

4 thoughts on “New joke about security from EMC”

  1. Pingback: ESA-2015-013. EMC continues kidding | Documentum in a (nuts)HELL
  2. Pingback: RSA Lockbox magic :) | Documentum in a (nuts)HELL
  3. Pingback: Developer “PostgreSQL” edition fun | Documentum in a (nuts)HELL
  4. Pingback: Encryption madness | Documentum in a (nuts)HELL
