| Vulnerability Name: | CVE-2005-0359 (CCN-21893) | ||||||||
| Assigned: | 2005-08-16 | ||||||||
| Published: | 2005-08-16 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service. | ||||||||
| CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
| ||||||||
| CVSS v2 Severity: | 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2005-0359 Source: CCN Type: SA16464 Legato NetWorker Multiple Vulnerabilities Source: SECUNIA Type: Patch, Vendor Advisory 16464 Source: CCN Type: SA16470 Sun StorEdge Enterprise Backup Vulnerabilities Source: SECUNIA Type: Vendor Advisory 16470 Source: CCN Type: SECTRACK ID: 1014713 Legato NetWorker AUTH_UNIX, Database, and Portmapper Authentication Can Be Bypassed By Remote Users Source: SECTRACK Type: Patch 1014713 Source: CCN Type: Sun Alert ID: 101886 Security Vulnerabilities in the Sun StorEdge Enterprise Backup Software Source: SUNALERT Type: Patch, Vendor Advisory 101886 Source: CCN Type: CIAC INFORMATION BULLETIN p-281 Security Vulnerabilities in the Sun StorEdge Enterprise Backup Software Source: CCN Type: US-CERT VU#801089 EMC Legato NetWorker portmapper allows remote calls to pmap_set and pmap_unset Source: CERT-VN Type: Patch, Third Party Advisory, US Government Resource VU#801089 Source: CCN Type: Legato Technical Product Alert August 16, 2005 Legato PortMapper and Remote RPC Access Source: CONFIRM Type: Patch http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm Source: OSVDB Type: UNKNOWN 18802 Source: CCN Type: OSVDB ID: 18802 Legato NetWorker lgtomapper Unauthorized RPC Service Unregister DoS Source: BID Type: Patch 14582 Source: CCN Type: BID-14582 EMC Legato Networker Multiple Vulnerabilities Source: XF Type: UNKNOWN legato-portmapper-obtain-information(21893) Source: XF Type: UNKNOWN legato-portmapper-obtain-information(21893) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||