Overview
The EMC Legato NetWorker database services use weak authentication, allowing a remote attacker to gain root access to the server.
Description
EMC Legato NetWorker is a cross-platform backup and recovery application. It is also repackaged by Sun Microsystems as Solstice Backup and StorEdge Enterprise Backup, by FSC as Fujitsu Siemens Computers' NetWorker, by NEC as WebSAM NetWorker Powered by Legato, and by Fujitsu as NetWorker. NetWorker database services |
Impact
An unauthenticated, remote attacker could execute arbitrary commands on the NetWorker server as root. Once the NetWorker server has been compromised, any NetWorker client machine could in turn be compromised. |
Solution
Apply a patch or upgrade |
|
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
- http://www.legato.com/support/websupport/product_alerts/081605_NW-7x.htm
- http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1
- http://www.legato.com/support/websupport/tech_bulletins/?includefile=388.html
- http://www.legato.com/products/networker/
- http://secunia.com/advisories/16464/
- http://secunia.com/advisories/16470/
- http://www.cnn.com/2005/TECH/internet/07/25/hackers.backup.software.reut/index.html
Acknowledgements
Thanks to the NOAA NCIRT Lab for reporting this vulnerability.
This document was written by Will Dormann.
Other Information
CVE IDs: | CVE-2005-0358 |
Severity Metric: | 14.63 |
Date Public: | 2005-08-16 |
Date First Published: | 2005-08-16 |
Date Last Updated: | 2005-10-04 18:43 UTC |
Document Revision: | 27 |