Detections
Analytics

EMC NetWorker nsr_render_log Local Privilege Escalation

high Nessus Plugin ID 83032

Language:

Synopsis

The remote Windows host has an application installed that is affected by a local privilege escalation vulnerability.

Description

The EMC NetWorker installed on the remote Windows host is a version prior to 8.0.4.3, or version 8.1.x prior to 8.1.2.6, or 8.2.x prior to 8.2.1.2 . It is, therefore, affected by a buffer overflow flaw in the nsr_render_log command-line interface. A local attacker can exploit this to execute arbitrary code with root privileges on all EMC Networker managed hosts.

Solution

Upgrade to EMC NetWorker 8.0.4.3 / 8.1.2.6 / 8.2.1.2 or later.

See Also

https://seclists.org/bugtraq/2015/Apr/att-103/ESA-2015-069.txt

Plugin Details

Severity: High

ID: 83032

File Name: emc_networker_esa_2015-069.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 4/23/2015

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:emc:networker

Required KB Items: installed_sw/EMC NetWorker

Exploit Ease: No known exploits are available

Patch Publication Date: 4/13/2015

Vulnerability Publication Date: 4/13/2015

Reference Information

CVE: CVE-2015-0530

BID: 74164