[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    ESA-2013-033: EMC NetWorker Information Disclosure Vulnerability
From:       Security Alert <Security_Alert () emc ! com>
Date:       2013-07-29 14:05:06
Message-ID: 37F0BE0896DB1544B5BEFBE34F79D05330F48990 () MX103CL01 ! corp ! emc ! com
[Download RAW message or body]

["ESA-2013-033.txt" (text/plain)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2013-033: EMC NetWorker Information Disclosure Vulnerability

EMC Identifier: ESA-2013-033

EMC Identifier: NW144712

CVE Identifier: CVE-2013-0943

Severity Rating: CVSS v2 Base Score: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)

Affected products:  
•	EMC NetWorker 8.0.0.x
•	EMC NetWorker 8.0.1.x
•	EMC NetWorker 7.6.x.x

Summary: 
 
A vulnerability exists in EMC NetWorker that could allow exposure of certain \
sensitive configuration information under specific circumstances.

Details: 

A privileged user on either Unix or Windows family operating systems may use the \
nsradmin utility on EMC Networker to potentially decrypt data leading to exposure of \
sensitive configuration information.


Note: This vulnerability affects all NetWorker platforms.

Resolution:  

The following EMC NW products contain a resolution for these issues:
•	EMC NetWorker 8.1 and above

EMC strongly recommends that all customers upgrade to above NetWorker build.

Link to remedies:

For information regarding all fixes included in the above build(s), refer to \
support.emc.com.  Select “Support by Product” and type “NetWorker”(Direct link \
NetWorker). From this page select “Downloads”, “Documentation” or “Advisories” as \
required.


[The following is standard text included in all security advisories.  Please do not \
change or delete.]

Read and use the information in this EMC Security Advisory to assist in avoiding any \
situation that might arise from the problems described herein. If you have any \
questions regarding this product alert, contact EMC Software Technical Support at \
1-877-534-2867.

For an explanation of Severity Ratings, refer to EMC Knowledgebase solution \
emc218831. EMC recommends all customers take into account both the base score and any \
relevant temporal and environmental scores which may impact the potential severity \
associated with particular security vulnerability.

EMC Corporation distributes EMC Security Advisories, in order to bring to the \
attention of users of the affected EMC products, important security information. EMC \
recommends that all users determine the applicability of this information to their \
individual situations and take appropriate action. The information set forth herein \
is provided "as is" without warranty of any kind. EMC disclaims all warranties, \
either express or implied, including the warranties of merchantability, fitness for a \
particular purpose, title and non-infringement. In no event, shall EMC or its \
suppliers, be liable for any damages whatsoever including direct, indirect, \
incidental, consequential, loss of business profits or special damages, even if EMC \
or its suppliers have been advised of the possibility of such damages. Some states do \
not allow the exclusion or limitation of liability for consequential or incidental \
damages, so the foregoing limitation may not apply.







-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Cygwin)

iEYEARECAAYFAlH2dhwACgkQtjd2rKp+ALytWACgmg+//S0QlI2VJQsPeyOfPz2d
nSwAn2mV7SesfnC0qz0coC37n1E7ygEx
=IFWN
-----END PGP SIGNATURE-----



[prev in list] [next in list] [prev in thread] [next in thread]