SecurityTracker.com

SecurityTracker Archives

Category:   Application (Generic)  >   EMC NetWorker
Vendors:   Legato Systems, Inc.
(A User Reports That a Fix is Available) Re: Legato NetWorker Backup System Discloses Network Appliance (NetApp) Password When Backing Up NetApp
SecurityTracker Alert ID:  1003187
SecurityTracker URL:  http://securitytracker.com/id/1003187
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jan 11 2002
Impact:   Disclosure of authentication information
Fix Available:  Yes  
Version(s): Tested on Networker 6.1 for Solaris 7 & NetApp DataONTAP 6.0.3
Description:   An information disclosure vulnerability was reported in Legato's NetWorker backup system. A local user on the host running NetWorker can view the Network Appliance username and password.

It is reported that when NetWorker's Network Data Management Protocol (NDMP) support is used to back up a Network Appliance (NetApp) filer, the NetApp username and password are stored in plain text in a file that is readable by all users on the system.

The information is apparently written to the /nsr/logs/daemon.log file with 755 permissions (world readable).

An example of the file contents is shown below (this information has been partially sanitized):

01/08/02 10:20:40 nsrd: savegroup info: starting netapp (with 1 client(s))
application information: HIST=y;
auth index: netapp;
auth index name space: backup, 1;
auth level: full;
auth mode: save;
auth server: server;
auth ssname: /vol/vol0;
auth ssname long: /vol/vol0;
auth sstime: 10xxxxxx;
auth sstime 64-bit: 10xxxxx;
client id: \
xxxxxxxxxxxxx;
groups: netapp;
hard session limit: 1;
hostname: server;
locale: C;
ndmp: Yes;
password: password;
remote user: root;
store index entries: Yes;
volume pool: netapp;

Impact:   A local user on the host running NetWorker can view the Network Appliance username and password.
Solution:   A user reports that a fix is available in version 6.1.1. They note that NetWorker will not change the permissions of an existing /nsr/logs directory, so that must be done manually. The user warns that the permissions of applogs should not be changed, because db-modules might run with non-root accounts.
Vendor URL:  portal2.legato.com/products/networker/
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (NT), Windows (2000), Windows (XP)
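To check a NetWorker host for this issue, here is an added example (not code from the advisory, from Legato, or from either correspondent) that scans a daemon.log for the credential fields in the savegroup block shown above and tests the permission bits of the log. The key/value layout (`key: value;` per line) is assumed from the sanitized excerpt, and the sample log is constructed from it; the password value is reported only as a masked string.

```python
"""Audit a NetWorker daemon.log for plaintext NDMP credentials and lax permissions."""
import os
import re
import stat

# Fields of the savegroup "application information" block that carry the
# NetApp account name or secret, taken from the advisory's sample log.
SENSITIVE_KEYS = {"password", "remote user"}

# Constructed sample, modelled on the sanitized excerpt in the advisory.
SAMPLE_LOG = """01/08/02 10:20:40 nsrd: savegroup info: starting netapp (with 1 client(s))
application information: HIST=y;
auth index: netapp;
hostname: server;
ndmp: Yes;
password: password;
remote user: root;
store index entries: Yes;
volume pool: netapp;
"""

# One "key: value;" attribute line; the key may contain spaces, digits and '-'.
FIELD_RE = re.compile(r"^\s*(?P<key>[a-z][a-z0-9 _-]*?):\s*(?P<value>.*?);\s*$", re.I)


def find_credentials(log_text):
    """Return (line_no, key, shown_value) for every sensitive attribute line.
    The password itself is never returned in clear, only a mask of its length."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        match = FIELD_RE.match(line)
        if not match:
            continue
        key = match.group("key").lower()
        if key in SENSITIVE_KEYS:
            value = match.group("value")
            shown = value if key == "remote user" else "*" * len(value)
            findings.append((line_no, key, shown))
    return findings


def mode_is_world_readable(mode):
    """True if the 'other' read bit is set, e.g. the 0755 mode named in the report."""
    return bool(mode & stat.S_IROTH)


def audit_log_path(path):
    """Run both checks against a real daemon.log on disk (assumed path)."""
    st = os.stat(path)
    with open(path, encoding="utf-8", errors="replace") as fh:
        creds = find_credentials(fh.read())
    return {"world_readable": mode_is_world_readable(st.st_mode), "credentials": creds}
```

A finding of a `password` field together with a world-readable mode is the condition the advisory describes; a 0700 directory without credential lines is the fixed state.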

Message History:   This archive entry is a follow-up to the message listed below.
Jan 10 2002 Legato NetWorker Backup System Discloses Network Appliance (NetApp) Password When Backing Up NetApp



 Source Message Contents

Subject:  Re: Legato Vulnerable


This problem is fixed with the current version of NetWorker, 6.1.1.
NetWorker will also not change the permissions of an existing /nsr/logs
directory; you might change the permissions to 0700. Notice, you should
not change the permissions of applogs, because db-modules might run
with non-root accounts.

	Wolfgang

On Thursday, 10 January 2002, at 19:00, Venkatesh babu Sira wrote:

> Scenario is Legato Networker with one drive as NDMP to back up Netapp.
> When you start the group to back up Netapp using the NDMP drive, in
> /nsr/logs/daemon.log it writes all the info including username &
> passwd (clear text) for NetApp (usually it will be root).
> As anyone can read this file, he can mess up NetApp.
> I moved the /nsr dir & stopped & restarted Networker; it will recreate the /nsr
> dir with 755 perm.
> This is seriously vulnerable to NetApp.
> I masked a few variables from my log file.
> Solaris7, Networker 6.1 & NetApp DataONTAP 6.0.3.
>


Copyright 2019, SecurityGlobal.net LLC