CVE-2005-0358

EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token...

CVE-2005-0359

The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmapset and pmapunset commands, which allows remote attackers to 1 cause a denial of service by using pmapunset to un-register a NetWorker...

CVE-2005-0359

CVE-2005-0359 is documented in the connected Nessus plugins as affecting EMC Legato NetWorker and related Sun StorEdge/Sun Solstice/Informix Storage Manager products. The entries describe multiple vulnerabilities that can lead to denial of service, unauthorized access and remote command execution...

CVE-2005-0358

The provided documents confirm concrete details for CVE-2005-0358. Affected software includes EMC Legato Networker, Sun StorEdge Enterprise Backup, and related Solstice Backup line, with the root cause described as improper verification of authentication tokens that can allow remote privilege mod...

CVE-2005-0357

The CVE applies to EMC Legato NetWorker, Sun Solstice Backup 6.0–6.1, and StorEdge Enterprise Backup 7.0–7.2, which rely on AUTH_UNIX authentication based on user IDs. The underlying issue allows remote attackers to bypass authentication by spoofing a username or UID, enabling privilege escalatio...

[SA16464] Legato NetWorker Multiple Vulnerabilities

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

EMC Legato NetWorker database services use insufficient authentication

Overview The EMC Legato NetWorker database services use weak authentication, allowing a remote attacker to gain root access to the server. Description EMC Legato NetWorker is a cross-platform backup and recovery application. It is also repackaged by Sun Microsystems as Solstice Backup and StorEdg...

EMC Legato NetWorker uses weak AUTH_UNIX authentication

Overview EMC Legato NetWorker uses weak AUTHUNIX authentication, allowing a remote attacker to execute arbitrary commands, gain elevated privileges, or cause a denial of service. Description EMC Legato NetWorker is a cross-platform backup and recovery application. It is also repackaged by Sun...

EMC Legato NetWorker portmapper allows remote calls to "pmap_set" and "pmap_unset"

Overview The EMC Legato NetWorker PortMapper allows remote access to pmapset and pmapunset. This could allow a remote attacker to cause a denial of service or potentially to eavesdrop on communications between NetWorker programs. Description EMC Legato NetWorker is a cross-platform backup and...

Networker symlink problem

Symlink problem in shutdown script...

Networker 6.0 - possible symlink attack

product: networker 6.0 date: 19.01.2003 author: l0om [email protected] possible symlink attack in shutdown scribt the networker is a backup and storeage system from fujitsu siemens. the shutdown nsrshutdown scribt from networker version 6.0 contains a the following: zeroworklist ... rm -f...

CVE-2003-1528

nsrshutdown in Fujitsu Siemens NetWorker 6.0 allows local users to overwrite arbitrary files via a symlink attack on the nsrshPID temporary file...

CVE-2002-0114

EMC NetWorker formerly Legato NetWorker before 7.0 stores passwords in plaintext in the daemon.log file, which allows local users to gain privileges by reading the password from the file. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform...

CVE-2002-0113

EMC NetWorker formerly Legato NetWorker before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platfo...

CVE-2002-0113

EMC NetWorker formerly Legato NetWorker before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platfo...

CVE-2002-0113

CVE-2002-0113 concerns EMC NetWorker (formerly Legato NetWorker) before version 7.0. The affected component is the log storage path, where logs are written to “/nsr/logs/” with world-readable permissions, allowing local users to read potentially sensitive information and possibly gain privileges....

CVE-2002-0114

CVE-2002-0114 affects EMC NetWorker (Legato NetWorker) prior to version 7.0, where passwords are stored in plaintext in the daemon.log. This enables local users to gain privileges by reading the password from that file. The description notes the issue was originally reported for Legato NetWorker ...

CVE-2002-0114

EMC NetWorker formerly Legato NetWorker before 7.0 stores passwords in plaintext in the daemon.log file, which allows local users to gain privileges by reading the password from the file. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform...

CVE-2001-0910

CVE-2001-0910 affects Legato NetWorker prior to 6.1, where remote attackers could bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP, then connecting from an IP address whose hostname cannot be determined via reverse DNS. The provide...

CVE-2001-0910

Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to Networker from an IP address whose hostname can not be determined by a DNS reverse lookup...