(A User Reports That a Fix is Available) Re: Legato NetWorker Backup System Discloses Network Appliance (NetApp) Password When Backing Up NetApp
SecurityTracker Alert ID: 1003187
SecurityTracker URL: http://securitytracker.com/id/1003187
Date: Jan 11 2002
Impact: Disclosure of authentication information
Fix Available: Yes
Version(s): Tested on NetWorker 6.1 for Solaris 7 & NetApp DataONTAP 6.0.3
An information disclosure vulnerability was reported in Legato's NetWorker backup system. A local user on the host running NetWorker can view the Network Appliance username and password.
It is reported that when the NetWorker Network Data Management Protocol (NDMP) is used to back up a Network Appliance (NetApp) filer, the NetApp username and password are stored in plain text in a file that is readable by all users on the system.
The information is apparently written to the /nsr/logs/daemon.log file, whose directory is created with 755 permissions (world readable).
An example of the file contents is shown below (this information has been partially sanitized):
01/08/02 10:20:40 nsrd: savegroup info: starting netapp (with 1 client(s))
application information: HIST=y;
auth index: netapp;
auth index name space: backup, 1;
auth level: full;
auth mode: save;
auth server: server;
auth ssname: /vol/vol0;
auth ssname long: /vol/vol0;
auth sstime: 10xxxxxx;
auth sstime 64-bit: 10xxxxx;
client id: \
hard session limit: 1;
remote user: root;
store index entries: Yes;
volume pool: netapp;
A local user on the host running NetWorker can view the Network Appliance username and password.
A user reports that a fix is available in version 6.1.1. They note that NetWorker will not change the permissions of an existing /nsr/logs directory, so that must be done manually. The user warns that the permissions of applogs should not be changed, because db-modules might run with non-root accounts.
Vendor URL: portal2.legato.com/products/networker/
Cause: Access control error
Underlying OS: Linux (Any), UNIX (Any), Windows (NT), Windows (2000), Windows (XP)
This archive entry is a follow-up to the message listed below.
Source Message Contents
Subject: Re: Legato Vulnerable
This problem is fixed with the current version of NetWorker, 6.1.1.
NetWorker will also not change the permissions of an existing /nsr/logs
directory; you might change the permissions to 0700. Note that you should
not change the permissions of applogs, because db-modules might run
with non-root accounts.
On Thursday, 10 January 2002, at 19:00, Venkatesh babu wrote:
> The scenario is Legato Networker with one drive as NDMP to back up NetApp.
> When you start the group to back up NetApp using the NDMP drive, it writes
> all the info, including the username & passwd (clear text) for NetApp
> (usually it will be root), to /nsr/logs/daemon.log.
> As anyone can read this file, they can mess up NetApp.
> I moved the /nsr dir & stopped & restarted Networker; it recreated the /nsr
> dir with 755 perm.
> This is a serious vulnerability for NetApp.
> I masked a few variables from my log file.
> Solaris 7, Networker 6.1 & NetApp DataONTAP 6.0.3.