If you have any questions, please contact EMC Support.ĮMC would like to thank Geoffrey Janjua from Northrop Grumman for reporting this vulnerability. Registered EMC Online Support customers can download patches and software from:ĮMC Data Domain OS 5.7 version 5.7.3.0 is available at: ĮMC Data Domain OS 6.0 version 6.0.1.0 is available at: Please verify that the backup software in your environment is compatible with the target DD OS version before upgrading your system.
#Datadomain os 2017 upgrade
Severity Rating: CVSS v3 Base Score: 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)ĮMC Data Domain OS 5.7 All versions prior to DD OS 5.7.3.0ĮMC Data Domain OS 6.0 All versions prior to DD OS 6.0.1.0ĮMC Data Domain OS is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system.ĮMC Data Domain OS is potentially vulnerable to a privilege escalation vulnerability.Ī rogue administrator may be able to log in as the Security Office (SO) and escalate privileges by using SO users public key that is stored unprotected on the Data Domain system.ĮMC recommends all customers upgrade to one of the versions listed below at the earliest opportunity, after verifying environment compatibility:ĮMC Data Domain 5.7 - DD OS 5.7.3.0 or laterĮMC Data Domain 6.0 - DD OS 6.0.1.0 or later Change Mirror Download -BEGIN PGP SIGNED MESSAGE-ĮSA-2017-036: EMC Data Domain Privilege Escalation Vulnerability