PT-2013-1558 · Emc · Emc Avamar Plugin For Oracle+1

Published

2013-01-21

Updated

2013-01-22

CVE-2012-2291

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions EMC Avamar Client versions 4.x through 6.x EMC Avamar plugin versions 4.x through 6.x for Oracle

Description The issue allows local users to gain privileges via an unspecified symlink attack due to world-writable permissions for cache directories.

Recommendations For EMC Avamar Client versions 4.x through 6.x, consider changing the permissions of the cache directories to prevent world-writable access until a patch is available. For EMC Avamar plugin versions 4.x through 6.x for Oracle, restrict access to the cache directories to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2012-2291

Affected Products

Emc Avamar Client

Emc Avamar Plugin For Oracle

PT-2013-1558 · Emc · Emc Avamar Plugin For Oracle+1

CVE-2012-2291

Weakness Enumeration

Related Identifiers

Affected Products

References · 2