This post is more than 5 years old
2 Posts
0
1054
December 7th, 2016 09:00
ESA-2016-111: Privilege Escalation Vulnerability
Hello,
Was the privilege escalation vulnerability mentioned in ESA-2016-111 (CVE-2016-0909) fixed in 7.3.1?
The advisory states:
"The following EMC Avamar release contains a resolution to this vulnerability: Avamar Server 7.3.0-233 with hotfix 263301"
The announcement on seclists seems to imply that 7.3.1 is not affected by this vulnerability:
"Affected products:
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and older"
http://seclists.org/bugtraq/2016/Oct/att-45/ESA-2016-111.txt
However, I can't find anything specifically stating that the vulnerability was fixed in the release notes except maybe "Secure session tickets" or "Postgres updated to the latest version".
Thanks for your assistance.
ionthegeek
2 Intern
•
2K Posts
0
December 7th, 2016 12:00
The code required to close the vulnerability is available in Avamar 7.3.1 and in Avamar 7.3.0 when the latest MCS rollup hotfix is installed. However, in order to close the vulnerability, additional steps are required as noted in the ESA. In order to prevent the privilege escalation, certificate-based authentication has to be enabled for Postgres. The instructions are in the KB article linked in the advisory.
That said, it is vanishingly unlikely that this vulnerability could be exploited in the wild since it would require the creation and subsequent compromise of a non-privileged OS user account on the Avamar server. Since adding non-privileged OS user accounts to the Avamar system is not supported, this vulnerability would be extremely difficult to exploit in the wild.
googlebot1
2 Posts
0
December 7th, 2016 12:00
Thank you for this information, Ian.
ionthegeek
2 Intern
•
2K Posts
0
December 7th, 2016 18:00
My pleasure!