Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-2291

EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.

Published

2013-01-21T21:55:00.887

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.2 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	emc	avamar	4.0	Yes
Application	emc	avamar	4.1	Yes
Application	emc	avamar	5.0	Yes
Application	emc	avamar	5.0	Yes
Application	emc	avamar	5.0	Yes
Application	emc	avamar	5.0.0-407	Yes
Application	emc	avamar	5.0.4-26	Yes
Application	emc	avamar	6.0	Yes
Operating System	apple	mac_os_x	*	No
Operating System	hp	hp-ux	*	No
Application	emc	avamar_plugin	4.0	Yes
Application	emc	avamar_plugin	5.0	Yes
Application	emc	avamar_plugin	6.0	Yes
Application	emc	avamar_plugin	6.1	Yes

References

http://archives.neohapsis.com/archives/bugtraq/2013-01/0086.html ([email protected])
http://archives.neohapsis.com/archives/bugtraq/2013-01/0086.html (af854a3a-2127-422b-91ae-364da2661108)