The Avamar affected client process runs as root and after each backup it leaves the cache files as world readable and writable. While the cache files themselves do not contain sensitive information, when the parent directory is world-writable, the cache files could be used by an attacker to elevate the privileges when a system-level backup is performed. The non-root user can create symbolic links to obtain unauthorized access to files on the affected system. Versions affected include EMC Avamar HP-UX Client 4.x, 5.x and 6.x, EMC Avamar Mac OS Client 4.x, 5.x and 6.x, and EMC Avamar Plugin for Oracle 4.x, 5.x and 6.x.
6d23b1eaba37b7441a5ae44384b647fe91db54567726e5da4f9dfce5acbcc994