Vulnerability Description
EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emc | Avamar | 4.0 |
| Apple | Mac Os X | All versions |
| Hp | Hp-Ux | All versions |
| Emc | Avamar Plugin | 4.0 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2013-01/0086.html
- http://archives.neohapsis.com/archives/bugtraq/2013-01/0086.html
FAQ
What is CVE-2012-2291?
CVE-2012-2291 is a vulnerability with a CVSS score of 7.2 (HIGH). EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to ga...
How severe is CVE-2012-2291?
CVE-2012-2291 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2291?
Check the references section above for vendor advisories and patch information. Affected products include: Emc Avamar, Apple Mac Os X, Hp Hp-Ux, Emc Avamar Plugin.