EMC Avamar Unspecified Flaw in gsan Service Lets Remote Users Deny Service
SecurityTracker Alert ID: 1024036
SecurityTracker URL: http://securitytracker.com/id/1024036
Date: May 26 2010
Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 4.1.x, 5.0
A vulnerability was reported in EMC Avamar. A remote user can cause denial of service conditions.
A remote user can send a specially crafted message via TCP to cause the target gsan service to hang.
A reboot is required to return the affected grid to normal operations.
A remote user can cause the target gsan service to hang. A reboot is required to return the grid to normal operations.
The vendor has issued a fix (5.0 SP1).
A patch is also available for version 4.1.x (patch #18975).
Vendor URL: www.emc.com/
Underlying OS: Linux (Any), UNIX (AIX), UNIX (FreeBSD), UNIX (HP/UX), UNIX (Open UNIX-SCO), UNIX (macOS/OS X), UNIX (Solaris - SunOS), Windows (Any)
Source Message Contents
Subject: ESA-2010-007: EMC Avamar Denial Of Service Vulnerability
ESA-2010-007: EMC Avamar Denial Of Service Vulnerability
CVE Identifier: CVE-2010-1919
Severity Rating: CVSS v2 Base Score: 7.1
EMC Avamar version 4.1.x
EMC Avamar version 5.0
Please note EMC Avamar 5.0 SP1 is not affected by this issue.
A vulnerability exists in EMC Avamar which can be exploited by an unauthenticated remote user to cause denial of service.
The vulnerability in EMC Avamar may allow a remote unauthenticated user to send a specially-crafted message over TCP to hang gsan service causing denial of service condition on the Avamar grid. As a result, the affected grid would require a system reboot to clear the problem.
For Avamar 4.1.x, a patch (#18975) is available to correct this issue. Please contact EMC Customer Service to have this patch
For Avamar 5.0, the fix is available in 5.0 SP1. Please contact EMC Customer Service to request an upgrade to 5.0 SP1 or higher.
EMC strongly recommends all customers apply security patches, which contain the resolution to this issue, at the earliest opportunity.
For explanation of Severity Ratings, refer to EMC Knowledgebase solution
Read and utilize the information in this product alert to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867.
Also, refer to the release supplements for each product for information regarding the new Software packages, build information, and fixes that may be included in addition to the security vulnerability fix at Powerlink. From the Powerlink home page menu bar, select Home > Support > Technical Documentation and Advisories > Software ~ A-B ~ Documentation > Avamar
EMC Corporation distributes EMC Security Advisories in order to bring to the attention of users of the affected EMC products important security information. EMC recommends all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall EMC or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
EMC Product Security Response Center