EMC Data Domain Os 5.5.3.3 Remote Code Execution Vulnerability
20 Jul. 2016
Summary
EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via vectors.
Vulnerable Systems:
* EMC Data Domain Os 5.5.3.3
* EMC Data Domain Os 5.6.1.0
* EMC Data Domain Os 5.7.1.0
A vulnerability was reported in EMC Data Domain. A local user can obtain elevated privileges on the target system.
A local user can access a file on the target system that contains session identifiers for users logged in via the graphical user interface (GUI). A local user can exploit this to gain elevated privileges on the target system.