SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   EMC NetWorker Vendors:   EMC, Legato Systems, Inc.
Legato NetWorker AUTH_UNIX, Database, and Portmapper Authentication Can Be Bypassed By Remote Users
SecurityTracker Alert ID:  1014713
SecurityTracker URL:  http://securitytracker.com/id/1014713
CVE Reference:   CVE-2005-0357, CVE-2005-0358, CVE-2005-0359   (Links to External Site)
Updated:  Jun 8 2008
Original Entry Date:  Aug 16 2005
Impact:   Disclosure of system information, Disclosure of user information, Root access via local system, Root access via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Several vulnerabilities were reported in Legato NetWorker in the authentication mechanism. A remote user may be able to bypass the authentication process.

The AUTH_UNIX authentication mechanism used for RPC service authentication does not sufficiently authenticate remote users [CVE-2005-0357]. A remote user can spoof the username to bypass the authentication mechanism used by nwadmin, nsradmin, and nsrports. A remote user can also spoof the UID to bypass the authentication mechanism used by recover and nsrexecd.

As a result, a remote user can execute arbitrary commands on the target client system, view or modify the server configuration, modify the ports used by NetWorker, and view files that have been backed up by other NetWorker clients. A local user may also be able to gain elevated privileges on the target system.

A remote user can modify the database access token to gain administrative privileges [CVE-2005-0358]. This allows the remote user to execute arbitrary commands on the target NetWorker server with root privileges and to compromise target NetWorker clients.

A remote user can access the Legato PortMapper (lgtomapper) and issue pmap_set and pmap_unset calls [CVE-2005-0358]. A remote user can unregister existing NetWorker RPC services or register new RPC services. This may cause denial of service conditions or may allow the user to monitor NetWorker process communications.

The vendor's advisories are available at:

http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm
http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm
http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm

Impact:   A remote user can execute arbitrary commands on the target client system, view or modify the server configuration, modify the ports used by NetWorker, and view files that have been backed up by other NetWorker clients.

A remote user can execute arbitrary commands on the target NetWorker server with root privileges.

A remote user can cause denial of service conditions.

A remote user can monitor NetWorker process communications.

A local user may be able to gain elevated privileges on the target system.

Solution:   The vendor has issued hotfixes (Patch LGTpa78968, LGTpa78969, LGTpa74792), available at:

http://www.legato.com/support/websupport/patches_updates/networker_security_hotfix.htm

A fix will be included in the next release of EMC Legato NetWorker, planned for general availability in Q4 of 2005.

Vendor URL:  www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm (Links to External Site)
Cause:   Authentication error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (macOS/OS X), UNIX (SGI/IRIX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 17 2005 (Sun Issues Fix for StorEdge) Legato NetWorker AUTH_UNIX, Database, and Portmapper Authentication Can Be Bypassed By Remote Users
Sun StorEdge Enterprise Backup Software products are affected by this vulnerability. Sun has issued fixes.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC