CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
EPSS
Percentile
89.5%
The EMC Legato NetWorker PortMapper allows remote access to pmap_set
and pmap_unset
. This could allow a remote attacker to cause a denial of service or potentially to eavesdrop on communications between NetWorker programs.
EMC Legato NetWorker is a cross-platform backup and recovery application. It is also repackaged by Sun Microsystems as Solstice Backup and StorEdge Enterprise Backup, by FSC as Fujitsu Siemens Computers’ NetWorker, by NEC as WebSAM NetWorker Powered by Legato, and by Fujitsu as NetWorker.
Legato PortMapper
The Legato PortMapper, also known as lgtomapper
, is a service that listens on port 7938 and converts RPC program numbers into TCP or UDP protocol port numbers. The RPC pmap_set
command can be used to map a remote procedure call to a port. pmap_unset
destroys the mappings between a remote procedure call and a port.
The problem
With most portmapper implementations, the pmap_set
and pmap_unset
calls are restricted in ways such as only allowing connections from localhost
. The Legato PortMapper allows any host to call pmap_set
and pmap_unset
. This may allow a remote, unauthenticated attacker to unregister existing NetWorker RPC services or register new RPC services.
A remote unauthenticated attacker may be able to create a denial-of-service condition by unregistering NetWorker services. An attacker may be able to eavesdrop on NetWorker process communications by registering a new RPC service.
Apply a patch or upgrade
Apply a patch or upgrade, as specified in the EMC Legato Technical Product Alert.
Sun Solstice Backup and StorEdge Enterprise Backup customers should see Sun Alert 101866 for patch availability.
Restrict Access
You may wish to block access to the vulnerable software from outside your network perimeter, specifically by blocking access to the ports used by NetWorker (typically TCP and UDP ports 7937-9936). This will limit your exposure to attacks. However, blocking at the network perimeter would still allow attackers within the perimeter of your network to exploit the vulnerability. The use of host-based firewalls in addition to network-based firewalls can help restrict access to specific hosts within the network. It is important to understand your network’s configuration and service requirements before deciding what changes are appropriate.
801089
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: June 03, 2005 Updated: August 16, 2005
Affected
EMC has created - and made available to customers - a software patch
to fix the vulnerability identified in this advisory. The patch is
available for download at
<http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm>
An integrated resolution to this vulnerability will be
available in the next release of EMC Legato NetWorker, which is
planned to be generally available in Q4 of 2005.
The vendor has not provided us with any further information regarding this vulnerability.
US-CERT has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23801089 Feedback>).
Notified: August 15, 2005 Updated: August 24, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: August 15, 2005 Updated: August 24, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: July 12, 2005 Updated: September 19, 2005
Affected
Sun repackages the Legato Networker product as Sun StorEdge Enterprise Backup, and is affected by the vulnerability described in CERT VU#801089. Sun has published Sun Alert 101866 which is available here:
<http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1>
for this issue.
The Sun Alert contains details of patches which have been released for StorEdge Enterprise Backup version 7.1 and StorEdge Enterprise Backup version 7.2, which address this issue.
The vendor has not provided us with any further information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to the NOAA NCIRT Lab for reporting this vulnerability.
This document was written by Will Dormann.
CVE IDs: | CVE-2005-0359 |
---|---|
Severity Metric: | 3.66 Date Public: |
secunia.com/advisories/16464/
secunia.com/advisories/16470/
sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1
www.cnn.com/2005/TECH/internet/07/25/hackers.backup.software.reut/index.html
www.legato.com/products/networker/
www.legato.com/support/websupport/product_alerts/081605_NW-7x.htm
www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm
www.legato.com/support/websupport/tech_bulletins/?includefile=388.html#portmapper
www.securiteam.com/exploits/3E5Q3S0N5K.html
www.tldp.org/HOWTO/NIS-HOWTO/portmapper.html