Weak Permissions in EMC Avamar Server Allow Local Users to Obtain Root Access

Weak Permissions in EMC Avamar Server Allow Local Users to Obtain Root Access

CVE-2016-0921 · MEDIUM Severity

AV:L/AC:M/AU:N/C:C/I:C/A:C

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program.

Learn more about our Cis Benchmark Audit For Server Software.