ID

VAR-202111-1839


CVE

CVE-2021-36318


TITLE

Insufficient protection of authentication information vulnerability in Dell EMC Avamar

Trust: 0.8

sources: JVNDB: JVNDB-2021-017061

DESCRIPTION

Dell EMC Avamar versions 18.2, 19.1, 19.2, 19.3, 19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage. Dell EMC Avamar contains a vulnerability involving inadequate protection of credentials. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202210-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Rust: Multiple Vulnerabilities
     Date: October 16, 2022
     Bugs: #870166, #831638, #821157, #807052, #782367
       ID: 202210-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities have been discovered in Rust, the worst of which could result in denial of service.

Background
=========

A systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.

Affected packages
================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-lang/rust              < 1.63.0-r1           >= 1.63.0-r1
  2  dev-lang/rust-bin          < 1.64.0              >= 1.64.0

Description
==========

Multiple vulnerabilities have been discovered in Rust. Please review the CVE identifiers referenced below for details.

Impact
=====

Please review the referenced CVE identifiers for details.

Workaround
=========

There is no known workaround at this time.

Resolution
=========

All Rust users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/rust-1.63.0-r1"

All Rust binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/rust-bin-1.64.0"

In addition, users using Portage 3.0.38 or later should ensure that packages with Rust binaries have no vulnerable code statically linked into their binaries by rebuilding the @rust-rebuild set:

  # emerge --ask --oneshot --verbose @rust-rebuild

References
=========

[ 1 ] CVE-2021-28875
      https://nvd.nist.gov/vuln/detail/CVE-2021-28875
[ 2 ] CVE-2021-28876
      https://nvd.nist.gov/vuln/detail/CVE-2021-28876
[ 3 ] CVE-2021-28877
      https://nvd.nist.gov/vuln/detail/CVE-2021-28877
[ 4 ] CVE-2021-28878
      https://nvd.nist.gov/vuln/detail/CVE-2021-28878
[ 5 ] CVE-2021-28879
      https://nvd.nist.gov/vuln/detail/CVE-2021-28879
[ 6 ] CVE-2021-29922
      https://nvd.nist.gov/vuln/detail/CVE-2021-29922
[ 7 ] CVE-2021-31162
      https://nvd.nist.gov/vuln/detail/CVE-2021-31162
[ 8 ] CVE-2021-36317
      https://nvd.nist.gov/vuln/detail/CVE-2021-36317
[ 9 ] CVE-2021-36318
      https://nvd.nist.gov/vuln/detail/CVE-2021-36318
[ 10 ] CVE-2021-42574
      https://nvd.nist.gov/vuln/detail/CVE-2021-42574
[ 11 ] CVE-2021-42694
      https://nvd.nist.gov/vuln/detail/CVE-2021-42694
[ 12 ] CVE-2022-21658
      https://nvd.nist.gov/vuln/detail/CVE-2022-21658
[ 13 ] CVE-2022-36113
      https://nvd.nist.gov/vuln/detail/CVE-2022-36113
[ 14 ] CVE-2022-36114
      https://nvd.nist.gov/vuln/detail/CVE-2022-36114

Availability
===========

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/202210-09

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
======

Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Trust: 1.89

sources: NVD: CVE-2021-36318 // JVNDB: JVNDB-2021-017061 // VULHUB: VHN-398202 // VULMON: CVE-2021-36318 // PACKETSTORM: 168756

AFFECTED PRODUCTS

vendor: dell, model: emc avamar server, scope: eq, version: 18.2

Trust: 1.0

vendor: dell, model: emc avamar server, scope: eq, version: 19.1

Trust: 1.0

vendor: dell, model: emc avamar server, scope: eq, version: 19.4

Trust: 1.0

vendor: dell, model: emc avamar server, scope: eq, version: 19.2

Trust: 1.0

vendor: dell, model: emc avamar server, scope: eq, version: 19.3

Trust: 1.0

vendor: Dell, model: dell emc avamar server, scope: eq, version: -

Trust: 0.8

vendor: Dell, model: dell emc avamar server, scope: eq, version: 18.2

Trust: 0.8

vendor: Dell, model: dell emc avamar server, scope: eq, version: 19.2

Trust: 0.8

vendor: Dell, model: dell emc avamar server, scope: eq, version: 19.1

Trust: 0.8

vendor: Dell, model: dell emc avamar server, scope: eq, version: 19.3

Trust: 0.8

vendor: Dell, model: dell emc avamar server, scope: eq, version: 19.4

Trust: 0.8

sources: JVNDB: JVNDB-2021-017061 // NVD: CVE-2021-36318

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-36318
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2021-36318
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-36318
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202111-976
value: MEDIUM

Trust: 0.6

VULHUB: VHN-398202
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-36318
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-36318
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-398202
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-36318
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-017061
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398202 // VULMON: CVE-2021-36318 // JVNDB: JVNDB-2021-017061 // CNNVD: CNNVD-202111-976 // NVD: CVE-2021-36318 // NVD: CVE-2021-36318

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-532

Trust: 1.1

problemtype: Inadequate protection of credentials (CWE-522) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-398202 // JVNDB: JVNDB-2021-017061 // NVD: CVE-2021-36318

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202111-976

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202111-976

PATCH

title: DSA-2021-204, url: https://www.dell.com/support/kbdoc/000193369

Trust: 0.8

sources: JVNDB: JVNDB-2021-017061

EXTERNAL IDS

db: NVD, id: CVE-2021-36318

Trust: 3.5

db: PACKETSTORM, id: 168756

Trust: 0.8

db: JVNDB, id: JVNDB-2021-017061

Trust: 0.8

db: CNNVD, id: CNNVD-202111-976

Trust: 0.6

db: VULHUB, id: VHN-398202

Trust: 0.1

db: VULMON, id: CVE-2021-36318

Trust: 0.1

sources: VULHUB: VHN-398202 // VULMON: CVE-2021-36318 // JVNDB: JVNDB-2021-017061 // PACKETSTORM: 168756 // CNNVD: CNNVD-202111-976 // NVD: CVE-2021-36318

REFERENCES

url:https://security.gentoo.org/glsa/202210-09

Trust: 1.8

url:https://www.dell.com/support/kbdoc/000193369

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-36318

Trust: 1.5

url:https://packetstormsecurity.com/files/168756/gentoo-linux-security-advisory-202210-09.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/dell-emc-avamar-three-vulnerabilities-36846

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/522.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-21658

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-29922

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28877

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28876

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-36317

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-36113

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28878

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28875

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28879

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-42574

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-42694

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-36114

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-31162

Trust: 0.1

sources: VULHUB: VHN-398202 // VULMON: CVE-2021-36318 // JVNDB: JVNDB-2021-017061 // PACKETSTORM: 168756 // CNNVD: CNNVD-202111-976 // NVD: CVE-2021-36318

CREDITS

Gentoo

Trust: 0.1

sources: PACKETSTORM: 168756

SOURCES

db: VULHUB, id: VHN-398202
db: VULMON, id: CVE-2021-36318
db: JVNDB, id: JVNDB-2021-017061
db: PACKETSTORM, id: 168756
db: CNNVD, id: CNNVD-202111-976
db: NVD, id: CVE-2021-36318

LAST UPDATE DATE

2024-08-14T12:51:08.210000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-398202, date: 2022-11-07T00:00:00
db: VULMON, id: CVE-2021-36318, date: 2022-01-05T00:00:00
db: JVNDB, id: JVNDB-2021-017061, date: 2022-12-28T05:46:00
db: CNNVD, id: CNNVD-202111-976, date: 2022-10-18T00:00:00
db: NVD, id: CVE-2021-36318, date: 2022-11-07T18:58:49.097

SOURCES RELEASE DATE

db: VULHUB, id: VHN-398202, date: 2021-12-21T00:00:00
db: VULMON, id: CVE-2021-36318, date: 2021-12-21T00:00:00
db: JVNDB, id: JVNDB-2021-017061, date: 2022-12-28T00:00:00
db: PACKETSTORM, id: 168756, date: 2022-10-17T15:13:47
db: CNNVD, id: CNNVD-202111-976, date: 2021-11-10T00:00:00
db: NVD, id: CVE-2021-36318, date: 2021-12-21T17:15:08.100