EMC NetWorker nsr_render_log Local Privilege Escalation

High Nessus Plugin ID 83032

Synopsis

The remote Windows host has an application installed that is affected by a local privilege escalation vulnerability.

Description

The EMC NetWorker installed on the remote Windows host is a version prior to 8.0.4.3, or version 8.1.x prior to 8.1.2.6, or 8.2.x prior to 8.2.1.2 . It is, therefore, affected by a buffer overflow flaw in the nsr_render_log command-line interface. A local attacker can exploit this to execute arbitrary code with root privileges on all EMC Networker managed hosts.

Solution

Upgrade to EMC NetWorker 8.0.4.3 / 8.1.2.6 / 8.2.1.2 or later.

See Also

https://seclists.org/bugtraq/2015/Apr/att-103/ESA-2015-069.txt

Plugin Details

Severity: High

ID: 83032

File Name: emc_networker_esa_2015-069.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 2015/04/23

Updated: 2018/11/15

Dependencies: 62945

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:emc:networker

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/04/13

Vulnerability Publication Date: 2015/04/13

Reference Information

CVE: CVE-2015-0530

BID: 74164