CVE-2013-0940
First published: Fri May 03 2013(Updated: )
The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and 8.x before 8.0.1.4 sets weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NetWorker | <=7.6.5.2 | |
| NetWorker | =6.0 | |
| NetWorker | =6.1 | |
| NetWorker | =7.0 | |
| NetWorker | =7.2 | |
| NetWorker | =7.3 | |
| NetWorker | =7.3.2 | |
| NetWorker | =7.4 | |
| NetWorker | =7.4-sp1 | |
| NetWorker | =7.4-sp2 | |
| NetWorker | =7.4-sp3 | |
| NetWorker | =7.4-sp4 | |
| NetWorker | =7.4-sp5 | |
| NetWorker | =7.4.5.4 | |
| NetWorker | =7.4.5.5 | |
| NetWorker | =7.4.5.6 | |
| NetWorker | =7.4.5.10 | |
| NetWorker | =7.5 | |
| NetWorker | =7.5-sp1 | |
| NetWorker | =7.5-sp2 | |
| NetWorker | =7.5-sp3 | |
| NetWorker | =7.5.2.0 | |
| NetWorker | =7.5.2.1 | |
| NetWorker | =7.5.2.2 | |
| NetWorker | =7.5.2.3 | |
| NetWorker | =7.5.2.4 | |
| NetWorker | =7.5.3 | |
| NetWorker | =7.5.3.1 | |
| NetWorker | =7.5.3.2 | |
| NetWorker | =7.5.3.3 | |
| NetWorker | =7.5.3.4 | |
| NetWorker | =7.5.3.5 | |
| NetWorker | =7.5.4 | |
| NetWorker | =7.5.4.1 | |
| NetWorker | =7.5.4.2 | |
| NetWorker | =7.5.4.3 | |
| NetWorker | =7.5.4.4 | |
| NetWorker | =7.5.4.5 | |
| NetWorker | =7.5.4.6 | |
| NetWorker | =7.5.4.7 | |
| NetWorker | =7.6.0.2 | |
| NetWorker | =7.6.0.3 | |
| NetWorker | =7.6.0.4 | |
| NetWorker | =7.6.0.5 | |
| NetWorker | =7.6.0.6 | |
| NetWorker | =7.6.0.7 | |
| NetWorker | =7.6.0.8 | |
| NetWorker | =7.6.0.9 | |
| NetWorker | =7.6.1 | |
| NetWorker | =7.6.1.1 | |
| NetWorker | =7.6.1.2 | |
| NetWorker | =7.6.1.3 | |
| NetWorker | =7.6.1.4 | |
| NetWorker | =7.6.1.5 | |
| NetWorker | =7.6.3 | |
| NetWorker | =7.6.4 | |
| NetWorker | =7.6.4.1 | |
| NetWorker | =7.6.4.2 | |
| NetWorker | =7.6.4.3 | |
| NetWorker | =7.6.4.4 | |
| NetWorker | =7.6.4.5 | |
| NetWorker | =7.6.5 | |
| NetWorker | =8.0 | |
| NetWorker | =8.0.0.1 | |
| NetWorker | =8.0.0.2 | |
| NetWorker | =8.0.0.3 | |
| NetWorker | =8.0.0.4 | |
| NetWorker | =8.0.0.5 | |
| NetWorker | =8.0.0.6 | |
| NetWorker | =8.0.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2013-0940?
CVE-2013-0940 has a medium severity rating due to the weak permissions set by the nsrpush process in EMC NetWorker.
How do I fix CVE-2013-0940?
To fix CVE-2013-0940, upgrade EMC NetWorker to version 7.6.5.3 or later, or 8.0.1.4 or later.
Which versions of EMC NetWorker are affected by CVE-2013-0940?
CVE-2013-0940 affects EMC NetWorker versions earlier than 7.6.5.3 and certain versions in the 8.x series prior to 8.0.1.4.
Can local users exploit CVE-2013-0940?
Yes, local users can exploit CVE-2013-0940 to gain additional privileges due to the weak file permissions.
What components are primarily involved in CVE-2013-0940?
The nsrpush process in the EMC NetWorker client is primarily involved in CVE-2013-0940's vulnerability.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/emc
- canonical/networker
- version/networker/7.6.5.2
- version/networker/6.0
- version/networker/6.1
- version/networker/7.0
- version/networker/7.2
- version/networker/7.3
- version/networker/7.3.2
- version/networker/7.4
- version/networker/7.4-sp1
- version/networker/7.4-sp2
- version/networker/7.4-sp3
- version/networker/7.4-sp4
- version/networker/7.4-sp5
- version/networker/7.4.5.4
- version/networker/7.4.5.5
- version/networker/7.4.5.6
- version/networker/7.4.5.10
- version/networker/7.5
- version/networker/7.5-sp1
- version/networker/7.5-sp2
- version/networker/7.5-sp3
- version/networker/7.5.2.0
- version/networker/7.5.2.1
- version/networker/7.5.2.2
- version/networker/7.5.2.3
- version/networker/7.5.2.4
- version/networker/7.5.3
- version/networker/7.5.3.1
- version/networker/7.5.3.2
- version/networker/7.5.3.3
- version/networker/7.5.3.4
- version/networker/7.5.3.5
- version/networker/7.5.4
- version/networker/7.5.4.1
- version/networker/7.5.4.2
- version/networker/7.5.4.3
- version/networker/7.5.4.4
- version/networker/7.5.4.5
- version/networker/7.5.4.6
- version/networker/7.5.4.7
- version/networker/7.6.0.2
- version/networker/7.6.0.3
- version/networker/7.6.0.4
- version/networker/7.6.0.5
- version/networker/7.6.0.6
- version/networker/7.6.0.7
- version/networker/7.6.0.8
- version/networker/7.6.0.9
- version/networker/7.6.1
- version/networker/7.6.1.1
- version/networker/7.6.1.2
- version/networker/7.6.1.3
- version/networker/7.6.1.4
- version/networker/7.6.1.5
- version/networker/7.6.3
- version/networker/7.6.4
- version/networker/7.6.4.1
- version/networker/7.6.4.2
- version/networker/7.6.4.3
- version/networker/7.6.4.4
- version/networker/7.6.4.5
- version/networker/7.6.5
- version/networker/8.0
- version/networker/8.0.0.1
- version/networker/8.0.0.2
- version/networker/8.0.0.3
- version/networker/8.0.0.4
- version/networker/8.0.0.5
- version/networker/8.0.0.6
- version/networker/8.0.1.3