Archived EDSCLS Platform/VM 2.6
The EDSCLS VM 2.6 was released in March 2016 and replaced by the EDSCLS VM 2.7 on March 31, 2017. To access the latest VM and related materials, click here.
The EDSCLS VM 2.6 has been archived to assist EDSCLS users who continue using EDSCLS VM 2.6 and researchers and analysts using data collected via the EDSCLS VM 2.6. It is important for EDSCLS VM 2.6 users and analysts to understand that (1) the EDSCLS VM 2.6’s operating system is no longer supported and (2) the EDSCLS VM 2.6 needed improvements.
During our routine security testing of the current EDSCLS VM (EDSCLS VM 2.6), we discovered that its operating system, Ubuntu 15.04, is no longer supported by Canonical. This means the security of older versions of the platform (i.e., EDSCLS VM 2.6, released March 2016) could be compromised.
IT administrator(s) should be aware that the EDSCLS VM 2.6 cannot be patched using the Ubuntu update system (e.g., apt-get update) and would require custom patching or third-party support of individual applications and dependent libraries. There are three local security vulnerabilities that, if successfully exploited, allow a malicious user to gain privileged access to the operating system. To execute a privilege escalation like these, the malicious user must have already gained access to the operating system. Such access could possibly be achieved via a remote, exploitable protocol running on the server that is accessible over the network (e.g., a subset of the running protocols/ports permitted through the host-based firewall) or via direct access to the operating system through social engineering.
For more information on what improvements were made with the development of the EDSCLS VM 2.7 based on EDSCLS VM 2.6 scans and user reports, click here.
Below, you can find links to the following archived EDSCLS VM 2.6 materials: the 2016 EDSCLS Administration User Guide, the EDSCLS VM 2.6 Survey Item Lists, the EDSCLS VM 2.6 code books, and the non-response bias worksheet.