Legato NetWorker AUTH_UNIX, Database, and Portmapper Authentication Can Be Bypassed By Remote Users
SecurityTracker Alert ID: 1014713
SecurityTracker URL: http://securitytracker.com/id?1014713
CVE Reference: CVE-2005-0357, CVE-2005-0358, CVE-2005-0359
Updated: Jun 8 2008
Original Entry Date: Aug 16 2005
Impact: Disclosure of system information, Disclosure of user information, Root access via local system, Root access via network, User access via local system, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Description: Several vulnerabilities were reported in the authentication mechanisms of Legato NetWorker. A remote user may be able to bypass the authentication process.
The AUTH_UNIX authentication mechanism used for RPC service authentication does not sufficiently authenticate remote users [CVE-2005-0357]. A remote user can spoof the username to bypass the authentication mechanism used by nwadmin, nsradmin, and nsrports. A remote user can also spoof the UID to bypass the authentication mechanism used by recover and nsrexecd. As a result, a remote user can execute arbitrary commands on the target client system, view or modify the server configuration, modify the ports used by NetWorker, and view files that have been backed up by other NetWorker clients. A local user may also be able to gain elevated privileges on the target system.
A remote user can modify the database access token to gain administrative privileges [CVE-2005-0358]. This allows the remote user to execute arbitrary commands on the target NetWorker server with root privileges and to compromise target NetWorker clients.
A remote user can access the Legato PortMapper (lgtomapper) and issue pmap_set and pmap_unset calls [CVE-2005-0358]. A remote user can unregister existing NetWorker RPC services or register new RPC services. This may cause denial of service conditions or may allow the user to monitor NetWorker process communications.
The vendor's advisories are available at:
http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm
http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm
http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm
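
The AUTH_UNIX weakness described above follows from the credential format itself: the machine name and UID are plain fields filled in by the caller. As an added example (not code from the advisory or the vendor), the Python below decodes the AUTH_UNIX credential of an ONC RPC call per RFC 5531 and checks it against an independent record. The sample bytes, the program number 0x20000001 and the `inventory` mapping are constructed assumptions.

```python
import struct

AUTH_SYS = 1    # RFC 5531 flavor number for AUTH_UNIX (also called AUTH_SYS)

# Constructed sample: RPC call to placeholder program 0x20000001 whose
# AUTH_UNIX credential claims machinename "host-a", uid 0, gid 0, no extra gids.
SAMPLE = bytes.fromhex(
    "00000001" "00000000" "00000002" "20000001" "00000001" "00000001"
    "00000001" "0000001c" "00000000" "00000006" "686f73742d610000"
    "00000000" "00000000" "00000000" "00000000" "00000000")

def _u32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated RPC message")
    return struct.unpack_from(">I", buf, off)[0], off + 4

def _opaque(buf, off, limit):
    n, off = _u32(buf, off)
    if n > limit or off + n > len(buf):
        raise ValueError("bad opaque length")
    return buf[off:off + n], off + n + (-n % 4)    # XDR pads to 4 bytes

def parse_call(msg):
    """Decode an ONC RPC v2 call header plus any AUTH_UNIX credential."""
    if len(msg) < 28:
        raise ValueError("truncated RPC message")
    _xid, mtype, rpcvers, prog, _vers, proc, flavor = struct.unpack_from(">7I", msg)
    if mtype != 0 or rpcvers != 2:
        raise ValueError("not an RPC v2 call")
    body, _ = _opaque(msg, 28, 400)    # RFC 5531 caps the credential at 400 bytes
    call = {"prog": prog, "proc": proc, "flavor": flavor}
    if flavor == AUTH_SYS:
        host, p = _opaque(body, 4, 255)    # offset 4 skips the 4-byte stamp
        uid, p = _u32(body, p)
        gid, p = _u32(body, p)
        call.update(machine=host.decode("ascii", "replace"), uid=uid, gid=gid)
    return call

def findings(call, src_ip, inventory):
    """Reasons to reject; inventory (hypothetical) maps src IP -> (host, uids)."""
    if call["flavor"] != AUTH_SYS:
        return []
    host, uids = inventory.get(src_ip, (None, ()))
    out = []
    if call["machine"] != host:
        out.append("machinename not the host on record for " + src_ip)
    if call["uid"] not in uids:
        out.append("uid %d not expected from %s" % (call["uid"], src_ip))
    return out
```

Nothing in the message proves either field, so a match against the inventory narrows what a service accepts but does not authenticate the caller; that still requires the vendor hotfixes or a stronger RPC authentication flavor.
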
Impact: A remote user can execute arbitrary commands on the target client system, view or modify the server configuration, modify the ports used by NetWorker, and view files that have been backed up by other NetWorker clients.
A remote user can execute arbitrary commands on the target NetWorker server with root privileges.
A remote user can cause denial of service conditions.
A remote user can monitor NetWorker process communications.
A local user may be able to gain elevated privileges on the target system.
Solution: The vendor has issued hotfixes (Patch LGTpa78968, LGTpa78969, LGTpa74792), available at:
http://www.legato.com/support/websupport/patches_updates/networker_security_hotfix.htm
A fix will be included in the next release of EMC Legato NetWorker, planned for general availability in Q4 of 2005.
Vendor URL: www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm
Cause: Authentication error
Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (OS X), UNIX (SGI/IRIX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (Any)
Message History:
This archive entry has one or more follow-up message(s) listed below.
Source Message Contents
Date: Tue, 16 Aug 2005 13:32:29 -0400
Subject: http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm
> Authentication and nwadmin, nsradmin, nsrports