SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   EMC Avamar Vendors:   EMC
EMC Avamar Data Store and Virtual Edition Unspecified Flaw Lets Remote Authenticated Users Gain Elevated Privileges
SecurityTracker Alert ID:  1037066
SecurityTracker URL:  http://securitytracker.com/id/1037066
CVE Reference:   CVE-2016-0909   (Links to External Site)
Date:  Oct 20 2016
Impact:   Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Avamar Data Store (ADS), Avamar Virtual Edition (AVE), 7.3.0 and prior
Description:   A vulnerability was reported in EMC Avamar Data Store and Avamar Virtual Edition. A remote authenticated user can gain elevated privileges.

A remote authenticated non-privileged user can executed PostgreSQL commands to gain elevated privileges on the target system. This can be exploited to gain administrative privileges on the underlying operating system.

Geoffrey Janjua and Matteo Tarbet from Northrup Grumman reported this vulnerability.

Impact:   A remote authenticated user can gain elevated privileges on the target system.
Solution:   The vendor has issued a fix (7.3.0-233 with Hotfix 263301; Advisory ESA-2016-111).
Vendor URL:  www.emc.com/ (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (FreeBSD), UNIX (HP/UX), UNIX (macOS/OS X), UNIX (Open UNIX-SCO), UNIX (Solaris - SunOS), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC