Vigil@nce - EMC Avamar: file corruption via Backup client for Linux
December 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When EMC Avamar Backup client for Linux is used, permissions on
the cache directory allows a local attacker to corrupt a file with
root privileges.
Impacted products: Avamar
Severity: 1/4
Creation date: 21/12/2012
DESCRIPTION OF THE VULNERABILITY
The EMC Avamar product uses the Backup client for Linux, in order
to save desktop data.
Backup client for Linux stores its data in the /var/avamar cache
directory. However, after its execution, files in this directory
are publicly writable.
When EMC Avamar Backup client for Linux is used, permissions on
the cache directory therefore allows a local attacker to corrupt a
file with root privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/EMC-Avamar-file-corruption-via-Backup-client-for-Linux-12253