SecurityTracker.com
Category:   Application (Generic)  >   EMC NetWorker
Vendors:   Legato Systems, Inc.
Legato NetWorker Backup System Discloses Network Appliance (NetApp) Password When Backing Up NetApp
SecurityTracker Alert ID:  1003183
SecurityTracker URL:  http://securitytracker.com/id/1003183
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jan 10 2002
Impact:   Disclosure of authentication information
Exploit Included:  Yes  
Version(s): Tested on Networker 6.1 for Solaris 7 & NetApp DataONTAP 6.0.3
Description:   An information disclosure vulnerability was reported in Legato's NetWorker backup system. A local user on the host running NetWorker can view the Network Appliance username and password.

It is reported that when NetWorker uses the Network Data Management Protocol (NDMP) to back up a Network Appliance (NetApp) filer, the NetApp username and password are stored in plain text in a file that is readable by all users on the system.

The information is apparently written to the /nsr/logs/daemon.log file, which has 755 permissions (world readable).

An example of the file contents is shown below (this information has been partially sanitized):

01/08/02 10:20:40 nsrd: savegroup info: starting netapp (with 1 client(s))
application information: HIST=y;
auth index: netapp;
auth index name space: backup, 1;
auth level: full;
auth mode: save;
auth server: server;
auth ssname: /vol/vol0;
auth ssname long: /vol/vol0;
auth sstime: 10xxxxxx;
auth sstime 64-bit: 10xxxxx;
client id: \
xxxxxxxxxxxxx;
groups: netapp;
hard session limit: 1;
hostname: server;
locale: C;
ndmp: Yes;
password: password;
remote user: root;
store index entries: Yes;
volume pool: netapp;
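
An audit sketch for the exposure described above, added here as an example and not part of the original advisory or of NetWorker: it checks whether a log file is readable by other users, locates password attributes, and returns a redacted copy. The sample log is constructed from the sanitized excerpt above, and the function names audit_log and demo are assumptions.

```python
import os
import re
import stat
import tempfile

# Constructed sample modelled on the sanitized excerpt in this advisory.
SAMPLE_LOG = """\
01/08/02 10:20:40 nsrd: savegroup info: starting netapp (with 1 client(s))
     application information: HIST=y;
                   client id: \\
xxxxxxxxxxxxx;
                        ndmp: Yes;
                    password: password;
                 remote user: root;
                 volume pool: netapp;
"""

# Attribute lines have the form "<padding><name>: <value>;".
PASSWORD_ATTR = re.compile(r"^(\s*password\s*:\s*)(.*?);\s*$", re.IGNORECASE)


def audit_log(path):
    """Return (world_readable, password_line_numbers, redacted_text)."""
    mode = os.stat(path).st_mode
    world_readable = bool(mode & stat.S_IROTH)  # "other" read bit set
    findings, out = [], []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            m = PASSWORD_ATTR.match(line.rstrip("\n"))
            if m:
                findings.append(lineno)
                line = f"{m.group(1)}[REDACTED];\n"  # keep the key, drop the value
            out.append(line)
    return world_readable, findings, "".join(out)


def demo():
    """Write the sample with the mode the advisory reports, then audit it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "daemon.log")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_LOG)
        os.chmod(path, 0o755)  # permissions reported in the advisory
        return audit_log(path)


if __name__ == "__main__":
    readable, lines, redacted = demo()
    print(f"world-readable: {readable}; password attributes on lines {lines}")
    print(redacted)
```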

Impact:   A local user on the host running NetWorker can view the Network Appliance username and password.
Solution:   No solution was available at the time of this entry.
Vendor URL:  portal2.legato.com/products/networker/
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (NT), Windows (2000), Windows (XP)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(A User Reports That a Fix is Available) Re: Legato NetWorker Backup System Discloses Network Appliance (NetApp) Password When Backing Up NetApp
A user reports that a fix is available.



 Source Message Contents

Subject:  Legato Vulnerable


Scenario is Legato Networker with one drive as NDMP to back up NetApp.
When you start the group to back up NetApp using the NDMP drive, in
/nsr/logs/daemon.log it writes all the info including username &
passwd (clear text) for NetApp (usually it will be root).
As anyone can read this file, he can mess up NetApp.
I moved the /nsr dir & stopped & restarted Networker; it will recreate the /nsr dir
with 755 perm.
This is seriously vulnerable to NetApp.
I masked a few variables from my log file.
Solaris 7, Networker 6.1 & NetApp DataONTAP 6.0.3.

Ex:
01/08/02 10:20:40 nsrd: savegroup info: starting netapp (with 1 client(s))
     application information: HIST=y;
                  auth index: netapp;
       auth index name space: backup, 1;
                  auth level: full;
                   auth mode: save;
                 auth server: server;
                 auth ssname: /vol/vol0;
            auth ssname long: /vol/vol0;
                 auth sstime: 10xxxxxx;
          auth sstime 64-bit: 10xxxxx;
                   client id: \
xxxxxxxxxxxxx;
                      groups: netapp;
          hard session limit: 1;
                    hostname: server;
                      locale: C;
                        ndmp: Yes;
                    password: password;
                 remote user: root;
         store index entries: Yes;
                 volume pool: netapp;

