Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration.
References
Link | Resource |
---|---|
http://seclists.org/bugtraq/2016/Sep/31 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1036844 | |
http://seclists.org/bugtraq/2016/Sep/31 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1036844 |
Configurations
History
21 Nov 2024, 02:42
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/bugtraq/2016/Sep/31 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1036844 - |
Information
Published : 2016-09-21 02:59
Updated : 2024-11-21 02:42
NVD link : CVE-2016-0920
Mitre link : CVE-2016-0920
CVE.ORG link : CVE-2016-0920
JSON object : View
Products Affected
emc
- avamar_server
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')