SecurityTracker.com
Category:   Application (Generic)  >   EMC Avamar
Vendors:   EMC
EMC Avamar Unspecified Flaw in gsan Service Lets Remote Users Deny Service
SecurityTracker Alert ID:  1024036
SecurityTracker URL:  http://securitytracker.com/id/1024036
CVE Reference:   CVE-2010-1919
Date:  May 26 2010
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 4.1.x, 5.0
Description:   A vulnerability was reported in EMC Avamar. A remote user can cause denial of service conditions.

A remote user can send a specially crafted message via TCP to cause the target gsan service to hang.

A reboot is required to return the affected grid to normal operations.

Impact:   A remote user can cause the target gsan service to hang. A reboot is required to return the grid to normal operations.
Solution:   The vendor has issued a fix (5.0 SP1).

A patch is also available for version 4.1.x (patch #18975).

Vendor URL:  www.emc.com/
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (FreeBSD), UNIX (HP/UX), UNIX (Open UNIX-SCO), UNIX (macOS/OS X), UNIX (Solaris - SunOS), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  ESA-2010-007: EMC Avamar Denial Of Service Vulnerability

ESA-2010-007: EMC Avamar Denial Of Service Vulnerability

Identifier: ESA-2010-007
CVE Identifier: CVE-2010-1919

Severity Rating: CVSS v2 Base Score: 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)

Affected products:
EMC Avamar version 4.1.x
EMC Avamar version 5.0

Please note EMC Avamar 5.0 SP1 is not affected by this issue.

Vulnerability Summary:
A vulnerability exists in EMC Avamar which can be exploited by an unauthenticated remote user to cause denial of service.

Vulnerability Details:
The vulnerability in EMC Avamar may allow a remote unauthenticated user to send a specially-crafted message over TCP to hang gsan service causing denial of service condition on the Avamar grid. As a result, the affected grid would require a system reboot to clear the problem.

Problem Resolution:

For Avamar 4.1.x, a patch (#18975) is available to correct this issue. Please contact EMC Customer Service to have this patch installed.

For Avamar 5.0, the fix is available in 5.0 SP1. Please contact EMC Customer Service to request an upgrade to 5.0 SP1 or higher.

EMC strongly recommends all customers apply security patches, which contain the resolution to this issue, at the earliest opportunity.

For explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831.

Read and utilize the information in this product alert to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867.

Also, refer to the release supplements for each product for information regarding the new Software packages, build information, and fixes that may be included in addition to the security vulnerability fix at Powerlink. From the Powerlink home page menu bar, select Home > Support > Technical Documentation and Advisories > Software ~ A-B ~ Documentation > Avamar

EMC Corporation distributes EMC Security Advisories in order to bring to the attention of users of the affected EMC products important security information. EMC recommends all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall EMC or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.


EMC Product Security Response Center

Security_Alert@EMC.com

http://www.emc.com/contact-us/contact/product-security-response-center.htm

 
 



Copyright 2020, SecurityGlobal.net LLC