CVE-2012-2291

EMC Avamar Client 4.x-6.x and Avamar Plugin 4.x-6.x - Privilege Escalation via World-Writable Cache Directory

Title source: llm
STIX 2.1

Description

EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.

References (1)

Core 1
Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-01/0086.html

Scores

EPSS 0.0003
EPSS Percentile 9.7%

Details

CWE
CWE-264
Status published
Products (10)
emc/avamar 4.0
emc/avamar 4.1
emc/avamar 5.0 (3 CPE variants)
emc/avamar 5.0.0-407
emc/avamar 5.0.4-26
emc/avamar 6.0
emc/avamar_plugin 4.0
emc/avamar_plugin 5.0
emc/avamar_plugin 6.0
emc/avamar_plugin 6.1
Published Jan 21, 2013
Tracked Since Feb 18, 2026