Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:26164
HistoryApr 19, 2011 - 12:00 a.m.

ESA-2011-013: EMC NetWorker arbitrary code execution with elevated privileges vulnerability

2011-04-1900:00:00
vulners.com
6

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2011-013: EMC NetWorker arbitrary code execution with elevated
privileges vulnerability.

EMC Identifier: ESA-2011-013

CVE Identifier: CVE-2011-1421

Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)

Affected products:

EMC SW: EMC NetWorker 7.5.x
EMC SW: EMC NetWorker 7.6.x

Vulnerability Summary:

EMC NetWorker contains a potential security vulnerability that can be
exploited to execute malicious code with elevated privileges on the
affected system.

ulnerability Details:

Unspecified file in EMC NetWorker contains incorrect permissions.
This can potentially be exploited in certain conditions by an
authenticated user to execute malicious code in the context of
privileged user on the affected system. The vulnerability only exists
for environments that are utilizing client push.

Problem Resolution:

The following EMC NetWorker products contain resolution to this
issue:

EMC NetWorker 7.6.1.5 and later cumulative build. For details
regarding all fixes included in this build, refer to the NetWorker 7.6
Cumulative Hotfixes document on <A
href="http://powerlink.emc.com/&quot;&gt;Powerlink&lt;/A&gt;. Home > Products >
Software E-O > NetWorker > Key Enhancements/Support Notes > NetWorker
7.6.

EMC NetWorker 7.5.4.3 and later cumulative build. For details
regarding all fixes included in this build refer to the NetWorker 7.5
Cumulative Hotfixes document on <A
href="http://powerlink.emc.com/&quot;&gt;Powerlink&lt;/A&gt;. Home > Products >
Software E-O > NetWorker > Key Enhancements/Support Notes > NetWorker
7.5.

EMC strongly recommends, at the earliest opportunity, all customers
apply the patch or upgrade to the latest version of the product which
contains the resolution to this issue.

Link to remedies:
Registered EMC Powerlink customers can download software from
Powerlink.

For EMC NetWorker Software, navigate in Powerlink to Home > Support >
Technical Documentation and Advisories > Software J-O Documentation >
NetWorker Family > NetWorker and select the applicable NetWorker
version.

Because the view is restricted based on customer agreements, you may
not have permission to view certain downloads. Should you not see a
software download you believe you should have access to, follow the
instructions in EMC Knowledgebase solution emc116045.

Credits: EMC would like to thank Stefan Wuensch of Harvard University
for reporting this issue.

For an explanation of Severity Ratings, refer to EMC Knowledgebase
solution emc218831. EMC recommends all customers take into account
both the base score and any relevant temporal and environmental scores
which may impact the potential severity associated with particular
security vulnerability.

EMC Corporation distributes EMC Security Advisories in order to bring
to the attention of users of the affected EMC products important
security information. EMC recommends all users determine the
applicability of this information to their individual situations and
take appropriate action. The information set forth herein is provided
"as is" without warranty of any kind. EMC disclaims all warranties,
either express or implied, including the warranties of
merchantability, fitness for a particular purpose, title and
non-infringement. In no event shall EMC or its suppliers be liable for
any damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages, even if
EMC or its suppliers have been advised of the possibility of such
damages. Some states do not allow the exclusion or limitation of
liability for consequential or incidental damages so the foregoing
limitation may not apply.

EMC Product Security Response Center
[email protected]
http://www.emc.com/contact-us/contact/product-security-response-center.htm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)

iEYEARECAAYFAk2sUI4ACgkQtjd2rKp+ALwazQCffTWxnsdsJv2+orawG4y6YrlR
r6oAoKCfSYRY29/lkQYCdRccY3PDr1Cc
=uaa+
-----END PGP SIGNATURE-----

Related for SECURITYVULNS:DOC:26164