Vulnerability Note VU#912217

Secure Elements Class 5 AVR client fails to properly validate pathnames supplied in messages

Overview

The Secure Elements Class 5 AVR client fails to properly validate pathnames supplied in messages, which may allow an attacker to overwrite any file on a vulnerable client as root.

I. Description

Class 5 AVR

Secure Elements Class 5 AVR (Automated Vulnerability Remediation) is a security product that monitors and enforces security policies on network assets. Class 5 AVR is now known as C5 EVM (Enterprise Vulnerability Management). The Class 5 AVR software includes both server and client components.

Class 5 AVR client

The Class 5 AVR client listens on 60000/udp and an additional tcp port. This client receives commands sent by the Class 5 AVR server.

Class 5 AVR server

The Class 5 AVR server is available as an appliance or as software that runs on commodity hardware. The Class 5 AVR server contains information about network assets, vulnerabilities, and remediation history.

The problem

The Class 5 AVR client fails to properly validate pathnames supplied in messages that it receives.

II. Impact

A remote attacker may be able to overwrite any file on a vulnerable client as root.

III. Solution

Upgrade or patch

This issue has been resolved in C5 EVM 2.8.1.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Secure Elements	Vulnerable	30-May-2006

References

http://www.secure-elements.com/products/index.htm

Credit

Thanks to the NOAA N-CIRT Lab for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

Date Public:	2006-05-30
Date First Published:	2006-05-30
Date Last Updated:	2006-06-06
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric:	0.99
Document Revision:	7

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information

Get Adobe Reader