EMC Documentum IRM Server Multiple Denial of Service Vulnerabilities (Secunia Advisory SA48690)

Luigi Auriemma has reported multiple vulnerabilities in EMC Documentum IRM Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) A NULL pointer dereference error exists when processing version compatibility check requests and can be exploited to cause a crash.

2) An unspecified error exists when processing commands with an invalid ID and can be exploited to consume server resources.

3) A NULL pointer dereference error exists when processing commands after an invalid version compatibility check request has been sent and can be exploited to cause a crash.

The vulnerabilities are reported in versions 4.6.1.1995 and prior.

Solution

Restrict access to trusted hosts only.

Original Advisory
http://aluigi.altervista.org/adv/irm_1-adv.txt

