SecurityTracker.com
Category:   Application (Generic)  >   EMC Avamar
Vendors:   EMC
EMC Avamar Unspecified Flaw in gsan Service Lets Remote Users Deny Service
SecurityTracker Alert ID:  1024036
SecurityTracker URL:  http://securitytracker.com/id/1024036
CVE Reference:   CVE-2010-1919
Date:  May 26 2010
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.1.x, 5.0
Description:   A vulnerability was reported in EMC Avamar. A remote user can cause denial of service conditions.

A remote user can send a specially crafted message via TCP to cause the target gsan service to hang.

A reboot is required to return the affected grid to normal operations.

Impact:   A remote user can cause the target gsan service to hang. A reboot is required to return the grid to normal operations.
Solution:   The vendor has issued a fix (5.0 SP1).

A patch is also available for version 4.1.x (patch #18975).

Vendor URL:  www.emc.com/
Cause:   Not specified
Underlying OS:   Linux (Any), UNIX (AIX), UNIX (FreeBSD), UNIX (HP/UX), UNIX (Open UNIX-SCO), UNIX (OS X), UNIX (Solaris - SunOS), Windows (Any)

Message History:   None.


 Source Message Contents

Date:  Wed, 26 May 2010 10:18:49 -0400
Subject:  ESA-2010-007: EMC Avamar Denial Of Service Vulnerability

ESA-2010-007: EMC Avamar Denial Of Service Vulnerability

Identifier: ESA-2010-007
CVE Identifier: CVE-2010-1919

Severity Rating: CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)

Affected products:
EMC Avamar version 4.1.x
EMC Avamar version 5.0

Please note EMC Avamar 5.0 SP1 is not affected by this issue.

Vulnerability Summary:
A vulnerability exists in EMC Avamar which can be exploited by an
unauthenticated remote user to cause denial of service.

Vulnerability Details:
The vulnerability in EMC Avamar may allow a remote unauthenticated user
to send a specially-crafted message over TCP to hang gsan service
causing denial of service condition on the Avamar grid. As a result, the
affected grid would require a system reboot to clear the problem.

Problem Resolution:

For Avamar 4.1.x, a patch (#18975) is available to correct this
issue. Please contact EMC Customer Service to have this patch
installed.

For Avamar 5.0, the fix is available in 5.0 SP1. Please contact EMC
Customer Service to request an upgrade to 5.0 SP1 or higher.

EMC strongly recommends all customers apply security patches, which
contain the resolution to this issue, at the earliest opportunity.

For explanation of Severity Ratings, refer to EMC Knowledgebase solution
emc218831.

Read and utilize the information in this product alert to assist in
avoiding any situation that might arise from the problems described
herein. If you have any questions regarding this product alert, contact
EMC Software Technical Support at 1-877-534-2867.

Also, refer to the release supplements for each product for information
regarding the new Software packages, build information, and fixes that
may be included in addition to the security vulnerability fix at
Powerlink. From the Powerlink home page menu bar, select Home > Support > Technical Documentation and Advisories > Software ~ A-B ~ Documentation > Avamar

EMC Corporation distributes EMC Security Advisories in order to bring to
the attention of users of the affected EMC products important security
information. EMC recommends all users determine the applicability of
this information to their individual situations and take appropriate
action. The information set forth herein is provided "as is" without
warranty of any kind. EMC disclaims all warranties, either express or
implied, including the warranties of merchantability, fitness for a
particular purpose, title and non-infringement. In no event shall EMC or
its suppliers be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special
damages, even if EMC or its suppliers have been advised of the
possibility of such damages. Some states do not allow the exclusion or
limitation of liability for consequential or incidental damages so the
foregoing limitation may not apply.


EMC Product Security Response Center

Security_Alert@EMC.com

http://www.emc.com/contact-us/contact/product-security-response-center.htm

Copyright 2014, SecurityGlobal.net LLC