The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of EMC Avamar Data Store, Virtual Edition: five vulnerabilities

Synthesis of the vulnerability 

An attacker can use several vulnerabilities of EMC Avamar Data Store, Virtual Edition.
Impacted products: Avamar.
Severity of this bulletin: 3/4.
Number of vulnerabilities in this bulletin: 5.
Creation date: 14/09/2016.
Revision date: 20/09/2016.
References of this threat: 489195, CVE-2016-0903, CVE-2016-0904, CVE-2016-0905, CVE-2016-0920, CVE-2016-0921, ESA-2016-065, VIGILANCE-VUL-20607.

Description of the vulnerability 

Several vulnerabilities were announced in EMC Avamar Data Store, Virtual Edition.

An attacker can spoof the client identity in a request to restore a previous backup. [severity:3/4; CVE-2016-0903]

The encryption of communications between the Avamar agent and the Avamar server relies on constant keys, which are therefore easily recoverable. [severity:2/4; CVE-2016-0904]

An attacker can use sudo to get root privileges without the normally required passwords. [severity:3/4; CVE-2016-0905]

An attacker can inject an arbitrary shell command into an authorized sudo command, in order to run code. [severity:3/4; CVE-2016-0920]

An attacker can take advantage of insufficiently restrictive access rights on programs, in order to alter programs that will be run as root. [severity:3/4; CVE-2016-0921]

This computer weakness announcement impacts software or systems such as Avamar.

Our Vigil@nce team determined that the severity of this security alert is important.

The trust level of this bulletin is "confirmed by the editor", and its origin is a document.

This bulletin is about 5 vulnerabilities.

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

EMC Avamar Data Store, Virtual Edition: solution.
The solution is indicated in information sources.
