ESA-2017-028: EMC Isilon OneFS Path Traversal Vulnerability

--_002_1BF8853173D9704A93EF882F85952A8922846CMX304CL04corpemcc_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable



--_002_1BF8853173D9704A93EF882F85952A8922846CMX304CL04corpemcc_
Content-Type: text/plain; name="ESA-2017-028.txt"
Content-Description: ESA-2017-028.txt
Content-Disposition: attachment; filename="ESA-2017-028.txt"; size=3392;
	creation-date="Wed, 15 Mar 2017 12:04:01 GMT";
	modification-date="Wed, 29 Mar 2017 18:42:45 GMT"
Content-Transfer-Encoding: base64

LS0tLS1CRUdJTiBQR1AgU0lHTkVEIE1FU1NBR0UtLS0tLQ0KSGFzaDogU0hBMjU2DQoNCkVTQS0y
MDE3LTAyODogRU1DIElzaWxvbiBPbmVGUyBQYXRoIFRyYXZlcnNhbCBWdWxuZXJhYmlsaXR5IA0K
DQpFTUMgSWRlbnRpZmllcjogRVNBLTIwMTctMDI4IA0KDQpDVkUgSWRlbnRpZmllcjogDQpDVkUt
MjAxNy00OTgwDQoNClNldmVyaXR5IFJhdGluZzogQ1ZTUyB2MyBCYXNlIFNjb3JlOiA0LjkgKEFW
Ok4vQUM6TC9QUjpIL1VJOk4vUzpVL0M6SC9JOk4vQTpOKQ0KDQpBZmZlY3RlZCBwcm9kdWN0czog
ICANCg0KlQlFTUMgSXNpbG9uIE9uZUZTIDguMC4wIC0gOC4wLjAuMQ0KlQlFTUMgSXNpbG9uIE9u
ZUZTIDcuMi4wIC0gNy4yLjEuMw0KlQlFTUMgSXNpbG9uIE9uZUZTIDcuMS4wIC0gNy4xLjEuMTAN
Cg0KU3VtbWFyeTogIA0KRU1DIElzaWxvbiBPbmVGUyBpcyBhZmZlY3RlZCBieSBhIHBhdGggdHJh
dmVyc2FsIHZ1bG5lcmFiaWxpdHkgdGhhdCBtYXkgcG90ZW50aWFsbHkgYmUgZXhwbG9pdGVkIGJ5
IGF0dGFja2VycyB0byBjb21wcm9taXNlIHRoZSBhZmZlY3RlZCBzeXN0ZW0uICAgDQoNCkRldGFp
bHM6IA0KRU1DIElzaWxvbiBPbmVGUyBpcyBhZmZlY3RlZCBieSBhIHBhdGggdHJhdmVyc2FsIHZ1
bG5lcmFiaWxpdHkuIEF0dGFja2VycyBjb3VsZCBwb3RlbnRpYWxseSBleHBsb2l0IHRoaXMgdnVs
bmVyYWJpbGl0eSB0byBhY2Nlc3MgdW5hdXRob3JpemVkIGluZm9ybWF0aW9uIGJ5IHN1cHBseWlu
ZyBzcGVjaWFsbHkgY3JhZnRlZCBzdHJpbmdzIGluIGlucHV0IHBhcmFtZXRlcnMgb2YgdGhlIGFw
cGxpY2F0aW9uLg0KDQpSZXNvbHV0aW9uOiAgDQpUaGUgZm9sbG93aW5nIHZlcnNpb25zIG9mIEVN
QyBJc2lsb24gT25lRlMgcmVzb2x2ZSB0aGlzIHZ1bG5lcmFiaWxpdHk6DQqVCUVNQyBJc2lsb24g
T25lRlMgOC4wLjAuMg0KlQlFTUMgSXNpbG9uIE9uZUZTIDcuMi4xLjQNCpUJRU1DIElzaWxvbiBP
bmVGUyA3LjEuMS4xMQ0KTGluayB0byByZW1lZGllczoNCg0KUmVnaXN0ZXJlZCBFTUMgT25saW5l
IFN1cHBvcnQgY3VzdG9tZXJzIGNhbiBkb3dubG9hZCBPbmVGUyBpbnN0YWxsYXRpb24gZmlsZXMg
ZnJvbSB0aGUgRG93bmxvYWRzIGZvciBJc2lsb24gT25lRlMgcGFnZSBvZiB0aGUgRU1DIE9ubGlu
ZSBTdXBwb3J0IHNpdGUgYXQgaHR0cHM6Ly9zdXBwb3J0LmVtYy5jb20vZG93bmxvYWRzLzE1MjA5
X0lzaWxvbi1PbmVGUy4gDQoNCklmIHlvdSBoYXZlIGFueSBxdWVzdGlvbnMsIHBsZWFzZSBjb250
YWN0IEVNQyBTdXBwb3J0Lg0KDQoNCltUaGUgZm9sbG93aW5nIGlzIHN0YW5kYXJkIHRleHQgaW5j
bHVkZWQgaW4gYWxsIHNlY3VyaXR5IGFkdmlzb3JpZXMuICBQbGVhc2UgZG8gbm90IGNoYW5nZSBv
ciBkZWxldGUuXQ0KDQpSZWFkIGFuZCB1c2UgdGhlIGluZm9ybWF0aW9uIGluIHRoaXMgRU1DIFNl
Y3VyaXR5IEFkdmlzb3J5IHRvIGFzc2lzdCBpbiBhdm9pZGluZyBhbnkgc2l0dWF0aW9uIHRoYXQg
bWlnaHQgYXJpc2UgZnJvbSB0aGUgcHJvYmxlbXMgZGVzY3JpYmVkIGhlcmVpbi4gSWYgeW91IGhh
dmUgYW55IHF1ZXN0aW9ucyByZWdhcmRpbmcgdGhpcyBwcm9kdWN0IGFsZXJ0LCBjb250YWN0IEVN
QyBTb2Z0d2FyZSBUZWNobmljYWwgU3VwcG9ydCBhdCAxLTg3Ny01MzQtMjg2Ny4NCg0KRm9yIGFu
IGV4cGxhbmF0aW9uIG9mIFNldmVyaXR5IFJhdGluZ3MsIHJlZmVyIHRvIEVNQyBLbm93bGVkZ2Vi
YXNlIHNvbHV0aW9uIGVtYzIxODgzMS4gRU1DIHJlY29tbWVuZHMgYWxsIGN1c3RvbWVycyB0YWtl
IGludG8gYWNjb3VudCBib3RoIHRoZSBiYXNlIHNjb3JlIGFuZCBhbnkgcmVsZXZhbnQgdGVtcG9y
YWwgYW5kIGVudmlyb25tZW50YWwgc2NvcmVzIHdoaWNoIG1heSBpbXBhY3QgdGhlIHBvdGVudGlh
bCBzZXZlcml0eSBhc3NvY2lhdGVkIHdpdGggcGFydGljdWxhciBzZWN1cml0eSB2dWxuZXJhYmls
aXR5Lg0KDQpFTUMgQ29ycG9yYXRpb24gZGlzdHJpYnV0ZXMgRU1DIFNlY3VyaXR5IEFkdmlzb3Jp
ZXMsIGluIG9yZGVyIHRvIGJyaW5nIHRvIHRoZSBhdHRlbnRpb24gb2YgdXNlcnMgb2YgdGhlIGFm
ZmVjdGVkIEVNQyBwcm9kdWN0cywgaW1wb3J0YW50IHNlY3VyaXR5IGluZm9ybWF0aW9uLiBFTUMg
cmVjb21tZW5kcyB0aGF0IGFsbCB1c2VycyBkZXRlcm1pbmUgdGhlIGFwcGxpY2FiaWxpdHkgb2Yg
dGhpcyBpbmZvcm1hdGlvbiB0byB0aGVpciBpbmRpdmlkdWFsIHNpdHVhdGlvbnMgYW5kIHRha2Ug
YXBwcm9wcmlhdGUgYWN0aW9uLiBUaGUgaW5mb3JtYXRpb24gc2V0IGZvcnRoIGhlcmVpbiBpcyBw
cm92aWRlZCAiYXMgaXMiIHdpdGhvdXQgd2FycmFudHkgb2YgYW55IGtpbmQuIEVNQyBkaXNjbGFp
bXMgYWxsIHdhcnJhbnRpZXMsIGVpdGhlciBleHByZXNzIG9yIGltcGxpZWQsIGluY2x1ZGluZyB0
aGUgd2FycmFudGllcyBvZiBtZXJjaGFudGFiaWxpdHksIGZpdG5lc3MgZm9yIGEgcGFydGljdWxh
ciBwdXJwb3NlLCB0aXRsZSBhbmQgbm9uLWluZnJpbmdlbWVudC4gSW4gbm8gZXZlbnQsIHNoYWxs
IEVNQyBvciBpdHMgc3VwcGxpZXJzLCBiZSBsaWFibGUgZm9yIGFueSBkYW1hZ2VzIHdoYXRzb2V2
ZXIgaW5jbHVkaW5nIGRpcmVjdCwgaW5kaXJlY3QsIGluY2lkZW50YWwsIGNvbnNlcXVlbnRpYWws
IGxvc3Mgb2YgYnVzaW5lc3MgcHJvZml0cyBvciBzcGVjaWFsIGRhbWFnZXMsIGV2ZW4gaWYgRU1D
IG9yIGl0cyBzdXBwbGllcnMgaGF2ZSBiZWVuIGFkdmlzZWQgb2YgdGhlIHBvc3NpYmlsaXR5IG9m
IHN1Y2ggZGFtYWdlcy4gU29tZSBzdGF0ZXMgZG8gbm90IGFsbG93IHRoZSBleGNsdXNpb24gb3Ig
bGltaXRhdGlvbiBvZiBsaWFiaWxpdHkgZm9yIGNvbnNlcXVlbnRpYWwgb3IgaW5jaWRlbnRhbCBk
YW1hZ2VzLCBzbyB0aGUgZm9yZWdvaW5nIGxpbWl0YXRpb24gbWF5IG5vdCBhcHBseS4NCg0KDQoN
Ci0tLS0tQkVHSU4gUEdQIFNJR05BVFVSRS0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2Mg0KDQppUUVj
QkFFQkNBQUdCUUpZMi8vNEFBb0pFSGJjdStmc0U4MVpNTkFJQUlLdWZuZml1ZllDV1pFUDdOTldO
ZXZRDQpURExlVlpXOStjeERmYmZRTjR4V2lwSzRCWWtZZXV5ZU90NUs5UDI4MStvQVR1dEVKaW1p
S2U2MGtRd3V1YS90DQpMamFtT2dCYjhVMUMzZnVSQXUzV0lPVGlJU1FZV3pMMzVnR2tRaUdYWE1P
WHVMSlZkeEFLVXpqR08wRmcySlNwDQpLajJyRHB4eFJNVTBDdDhkUkZTaC9JTlVCL3VnMkRlcXJR
b3ZlMUNZUHlWZVQySXNvM3htRVdObEJqUzRtb1BrDQpIOFYyNURPQkozSDZ1SXI2c2J5SnJPOE1m
dzFvdXpvQVo5TTJNWDdDVW5iSnB6VUo3a1RDVUw5U1JyVTRzRXJrDQpBQjA2cTFnRWdpT0sxdm80
SlpwTXNyUFlwSjlsZHcwZXZzcHVoNDhEZXpiYWJnOURSczFFRzBCakd1SFRBR2s9DQo9WWRDZA0K
LS0tLS1FTkQgUEdQIFNJR05BVFVSRS0tLS0tDQo=

--_002_1BF8853173D9704A93EF882F85952A8922846CMX304CL04corpemcc_--