Vulnerability-Lookup

FKIE_CVE-2011-1420

Vulnerability from fkie_nvd - Published: 2011-03-28 16:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.

References

	URL	Tags
	security_alert@emc.com	http://secunia.com/advisories/43893
	security_alert@emc.com	http://securityreason.com/securityalert/8169
	security_alert@emc.com	http://securitytracker.com/id?1025253
	security_alert@emc.com	http://www.securityfocus.com/archive/1/517179/100/0/threaded
	security_alert@emc.com	http://www.securityfocus.com/bid/47036
	security_alert@emc.com	http://www.vupen.com/english/advisories/2011/0783
	security_alert@emc.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/66323
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/43893
	af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/8169
	af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1025253
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/517179/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/47036
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2011/0783
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/66323

Impacted products

Vendor	Product	Version
emc	data_protection_advisor_collector	5.7
emc	data_protection_advisor_collector	5.7.1
oracle	solaris_sparc	*

JSON

To clipboard Create KEV Entry

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:data_protection_advisor_collector:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7D64DF5-7B9E-4E98-B3E7-4C95D41AEE17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:emc:data_protection_advisor_collector:5.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "12BF8AAB-BFF1-405A-B7BF-38CAFE44CBF5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:solaris_sparc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4631B2DD-D14D-4A02-9DE0-F724C18644C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors."
    },
    {
      "lang": "es",
      "value": "EMC Data Protection Advisor Collector v5.7 y v5.7.1 en plataformas Solaris SPARC utiliza permisos d\u00e9biles para archivos no espec\u00edficos,lo que permite a usuarios locales conseguir privilegios a trav\u00e9s de vectores desconocidos."
    }
  ],
  "id": "CVE-2011-1420",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-03-28T16:55:04.810",
  "references": [
    {
      "source": "security_alert@emc.com",
      "url": "http://secunia.com/advisories/43893"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://securityreason.com/securityalert/8169"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://securitytracker.com/id?1025253"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securityfocus.com/archive/1/517179/100/0/threaded"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.securityfocus.com/bid/47036"
    },
    {
      "source": "security_alert@emc.com",
      "url": "http://www.vupen.com/english/advisories/2011/0783"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1025253"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/517179/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0783"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66323"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2011-1420 (GCVE-0-2011-1420)

Vulnerability from cvelistv5 – Published: 2011-03-28 16:00 – Updated: 2024-08-06 22:28

Summary

EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.

Severity ?

No CVSS data available.

CWE

Assigner

dell

References

URL

Tags

	http://www.securityfocus.com/bid/47036	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/517179/100…	mailing-listx_refsource_BUGTRAQ
	http://securityreason.com/securityalert/8169	third-party-advisoryx_refsource_SREASON
	http://securitytracker.com/id?1025253	vdb-entryx_refsource_SECTRACK
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2011/0783	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/43893	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard Create KEV Entry

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:28:41.322Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "47036",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47036"
          },
          {
            "name": "20110325 ESA-2011-010: EMC Data Protection Advisor Collector arbitrary code execution with elevated privileges vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/517179/100/0/threaded"
          },
          {
            "name": "8169",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8169"
          },
          {
            "name": "1025253",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1025253"
          },
          {
            "name": "emc-dataprotection-permissions-priv-esc(66323)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66323"
          },
          {
            "name": "ADV-2011-0783",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0783"
          },
          {
            "name": "43893",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43893"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-03-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "47036",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47036"
        },
        {
          "name": "20110325 ESA-2011-010: EMC Data Protection Advisor Collector arbitrary code execution with elevated privileges vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/517179/100/0/threaded"
        },
        {
          "name": "8169",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8169"
        },
        {
          "name": "1025253",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1025253"
        },
        {
          "name": "emc-dataprotection-permissions-priv-esc(66323)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66323"
        },
        {
          "name": "ADV-2011-0783",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0783"
        },
        {
          "name": "43893",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43893"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2011-1420",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "47036",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47036"
            },
            {
              "name": "20110325 ESA-2011-010: EMC Data Protection Advisor Collector arbitrary code execution with elevated privileges vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/517179/100/0/threaded"
            },
            {
              "name": "8169",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8169"
            },
            {
              "name": "1025253",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1025253"
            },
            {
              "name": "emc-dataprotection-permissions-priv-esc(66323)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66323"
            },
            {
              "name": "ADV-2011-0783",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0783"
            },
            {
              "name": "43893",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43893"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2011-1420",
    "datePublished": "2011-03-28T16:00:00",
    "dateReserved": "2011-03-14T00:00:00",
    "dateUpdated": "2024-08-06T22:28:41.322Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2011-1420

CVE-2011-1420 (GCVE-0-2011-1420)

Tags

Sightings

Nomenclature