{"id": "SECURITYVULNS:VULN:11533", "bulletinFamily": "software", "title": "EMC Data Protection Advisor Collector weak security permissions", "description": "Weak permissions for executable files.", "published": "2011-03-25T00:00:00", "modified": "2011-03-25T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11533", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:26002"], "cvelist": ["CVE-2011-1420"], "type": "securityvulns", "lastseen": "2018-08-31T11:09:41", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "dd000fbf712c3e2b06b5add84d4a0aae"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "30d9007f9897924b9b1a06fcac8c9bcb"}, {"key": "cvss", "hash": "cfd16da9581e0c21db590e40dfd9e493"}, {"key": "description", "hash": "52aa89016ce86c2807b6ae7af5d96e5f"}, {"key": "href", "hash": "eca97d2273e67048cbc76f68987b48f6"}, {"key": "modified", "hash": "bbf16466bba79bb2071123977ce65622"}, {"key": "published", "hash": "bbf16466bba79bb2071123977ce65622"}, {"key": "references", "hash": "87dc08464f23d4179820878f924fbe59"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "95cd87368980fd9e5e7b139532b5ace2"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "b4dc31157995bd65ed17ba9d5c4adc4aea64641f92ca991120e71557f1ae62b8", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2018-08-31T11:09:41"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-1420"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:26002"]}, {"type": "seebug", "idList": ["SSV:20412"]}], "modified": "2018-08-31T11:09:41"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "affectedSoftware": [{"name": "EMC Data Protection Advisor Collector", "operator": "eq", "version": "5.7"}]}

{"cve": [{"lastseen": "2018-10-10T11:34:11", "bulletinFamily": "NVD", "description": "EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.", "modified": "2018-10-09T15:30:50", "published": "2011-03-28T12:55:04", "id": "CVE-2011-1420", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1420", "title": "CVE-2011-1420", "type": "cve", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:05:38", "bulletinFamily": "exploit", "description": "Bugtraq ID: 47036\r\nCVE ID\uff1aCVE-2011-1420\r\n\r\nEMC Data Protection Advisor Collector\u662f\u4e00\u6b3e\u6570\u636e\u5907\u4efd\u62a5\u544a\u5de5\u5177\u3002\r\nSolaris SPARC\u5e73\u53f0\u4e0b\u7684EMC Data Protection Advisor Collector\u4e0d\u6b63\u786e\u8bbe\u7f6e\u6587\u4ef6\u6743\u9650\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u4ee5\u76ee\u6807\u7528\u6237\u5b89\u5168\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u53ef\u5bfc\u81f4\u7279\u6743\u63d0\u5347\u3002\n\nEMC Data Protection Advisor Collector for Solaris SPARC 5.7.1\r\nEMC Data Protection Advisor Collector for Solaris SPARC 5.7\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\nEMC Data Protection Advisor Collector for Solaris SPARC 5.7.Build 5833\u548c5.7.1.Build 5833\u5df2\u7ecf\u4fee\u590d\u6b64\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u4f7f\u7528\uff1a\r\nhttp://www.emc.com/?fromGlobalSiteSelect", "modified": "2011-03-29T00:00:00", "published": "2011-03-29T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20412", "id": "SSV:20412", "title": "EMC Data Protection Advisor Collector for Solaris SPARC\u4e0d\u5b89\u5168\u6587\u4ef6\u6743\u9650\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "securityvulns": [{"lastseen": "2018-08-31T11:10:39", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nESA-2011-010: EMC Data Protection Advisor Collector arbitrary code execution\r\nwith elevated privileges vulnerability\r\n\r\nEMC Identifier: ESA-2011-010\r\n\r\nCVE Identifier: CVE-2011-1420\r\n\r\nSeverity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)\r\n\r\nAffected products:\r\nEMC Data Protection Advisor Collector for Solaris SPARC 5.7 earlier than\r\nBuild 5833\r\nEMC Data Protection Advisor Collector for Solaris SPARC 5.7.1 earlier than\r\nBuild 5833\r\n\r\nVulnerability Summary:\r\nEMC Data Protection Advisor Collector for Solaris SPARC contains potential\r\nsecurity vulnerability that can be exploited to execute malicious code with\r\nelevated privileges on the affected system.\r\n\r\nVulnerability Details:\r\nUnspecified files in EMC Data Protection Advisor Collector for Solaris SPARC\r\ncontain incorrect permissions. This can be potentially exploited in certain\r\nconditions by an authenticated user to execute malicious code in the context\r\nof privileged user on the affected system.\r\n\r\nProblem Resolution:\r\n\r\nThe following EMC Data Protection Advisor Collector products contain\r\nresolution to this issue:\r\n\r\nEMC Data Protection Advisor Collector for Solaris SPARC 5.7 (Build 5833) \r\nEMC Data Protection Advisor Collector for Solaris SPARC 5.7.1 (Build 5833) \r\nEMC Data Protection Advisor Collector for Solaris SPARC 5.7 Patch DPA-8873 \r\nEMC Data Protection Advisor Collector for Solaris SPARC 5.7.1 Patch DPA-8873 \r\n\r\n\r\nNote: EMC Data Protection Advisor Collector binaries for other platforms are\r\nnot affected.\r\n\r\nEMC strongly recommends all customers apply the patch or upgrade to the\r\nlatest version of the product, which contain the resolution to this issue, at\r\nthe earliest opportunity.\r\n\r\nLink to remedies:\r\nRegistered EMC Powerlink customers can download software from Powerlink.\r\n\r\nFor Data Protection Advisor Software, navigate in Powerlink to Home >\r\nSupport > Software Downloads and Licensing > Downloads D > Data Protection\r\nAdvisor.\r\n\r\nCustomers who previously downloaded version 5.7 and 5.7 SP1 of the product\r\ncan contact EMC Customer Support at 1-800-782-4362 to obtain the patch.\r\n\r\n\r\nBecause the view is restricted based on customer agreements, you may not\r\nhave permission to view certain downloads. Should you not see a software\r\ndownload you believe you should have access to, follow the instructions in\r\nEMC Knowledgebase solution emc116045.\r\n\r\nFor explanation of Severity Ratings, refer to EMC Knowledgebase solution\r\nemc218831. EMC recommends that all customers take into account both the base\r\nscore and any relevant temporal and environmental scores, which may impact\r\nthe potential severity associated with particular security vulnerability.\r\n\r\nCredits:\r\nEMC would like to thank Stefan Wuensch of Harvard University for reporting\r\nthe issue.\r\n\r\nEMC Corporation distributes EMC Security Advisories in order to bring to the\r\nattention of users of the affected EMC products important security\r\ninformation. EMC recommends all users determine the applicability of this\r\ninformation to their individual situations and take appropriate action. The\r\ninformation set forth herein is provided "as is" without warranty of any\r\nkind. EMC disclaims all warranties, either express or implied, including the\r\nwarranties of merchantability, fitness for a particular purpose, title and\r\nnon-infringement. In no event shall EMC or its suppliers be liable for any\r\ndamages whatsoever including direct, indirect, incidental, consequential,\r\nloss of business profits or special damages, even if EMC or its suppliers\r\nhave been advised of the possibility of such damages. Some states do not\r\nallow the exclusion or limitation of liability for consequential or\r\nincidental damages so the foregoing limitation may not apply.\r\n\r\nEMC Product Security Response Center\r\nSecurity_Alert@EMC.com\r\nhttp://www.emc.com/contact-us/contact/product-security-response-center.htm\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (Cygwin)\r\n\r\niEYEARECAAYFAk2Mpg8ACgkQtjd2rKp+ALyi+wCfX9FZr1oWdDtMdDEZfS5E/fjm\r\nkBcAn1o3lj2u6dv8I/vOY0sSyxpVdJH9\r\n=UIts\r\n-----END PGP SIGNATURE-----", "modified": "2011-03-25T00:00:00", "published": "2011-03-25T00:00:00", "id": "SECURITYVULNS:DOC:26002", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26002", "title": "ESA-2011-010: EMC Data Protection Advisor Collector arbitrary code execution with elevated privileges vulnerability", "type": "securityvulns", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}