SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   EMC Data Protection Advisor Vendors:   EMC
EMC Data Protection Advisor Collector for Solaris File Permission Error Lets Remote Authenticated Users Gain Elevated Privileges
SecurityTracker Alert ID:  1025253
SecurityTracker URL:  http://securitytracker.com/id/1025253
CVE Reference:   CVE-2011-1420   (Links to External Site)
Date:  Mar 25 2011
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): EMC Data Protection Advisor Collector for Solaris SPARC 5.7 and 5.7.1 prior to Build 5833
Description:   A vulnerability was reported in EMC Data Protection Advisor Collector for Solaris. A remote authenticated user can execute arbitrary code on the target system.

Some files contain incorrect permissions. A remote authenticated user can execute arbitrary code in the context of a privileged user on the target system.

Stefan Wuensch of Harvard University reported this vulnerability.

Impact:   A remote authenticated user can execute arbitrary code on the target system.
Solution:   The vendor has issued a fix:

EMC Data Protection Advisor Collector for Solaris SPARC 5.7 (Build 5833)
EMC Data Protection Advisor Collector for Solaris SPARC 5.7.1 (Build 5833)
EMC Data Protection Advisor Collector for Solaris SPARC 5.7 Patch DPA-8873
EMC Data Protection Advisor Collector for Solaris SPARC 5.7.1 Patch DPA-8873

Vendor URL:  www.emc.com/ (Links to External Site)
Cause:   Access control error, Configuration error
Underlying OS:  UNIX (Solaris - SunOS)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC