Lucene search

CertccCVE-2005-0357

HistoryAug 23, 2005 - 4:00 a.m.

CVE-2005-0357

2005-08-2304:00:00

certcc

web.nvd.nist.gov

cve-2005-0357

emc

sun

storedge

networker

solstice backup

enterprise backup

authentication

remote attack

privilege escalation

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

73.6%

JSON

EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID.

Affected configurations

Nvd

Node

emclegato_networkerMatch4.2.2

emclegato_networkerMatch6.0

emclegato_networkerMatch6.1

emclegato_networkerMatch7.2

emclegato_networkerMatch7.13

sunsolstice_backupMatch6.0

sunsolstice_backupMatch6.1

sunstoredge_enterprise_backup_softwareMatch7.0

sunstoredge_enterprise_backup_softwareMatch7.1

sunstoredge_enterprise_backup_softwareMatch7.2

VendorProductVersionCPE
emclegato_networker4.2.2cpe:2.3:a:emc:legato_networker:4.2.2:*:*:*:*:*:*:*
emclegato_networker6.0cpe:2.3:a:emc:legato_networker:6.0:*:*:*:*:*:*:*
emclegato_networker6.1cpe:2.3:a:emc:legato_networker:6.1:*:*:*:*:*:*:*
emclegato_networker7.2cpe:2.3:a:emc:legato_networker:7.2:*:*:*:*:*:*:*
emclegato_networker7.13cpe:2.3:a:emc:legato_networker:7.13:*:*:*:*:*:*:*
sunsolstice_backup6.0cpe:2.3:a:sun:solstice_backup:6.0:*:*:*:*:*:*:*
sunsolstice_backup6.1cpe:2.3:a:sun:solstice_backup:6.1:*:*:*:*:*:*:*
sunstoredge_enterprise_backup_software7.0cpe:2.3:a:sun:storedge_enterprise_backup_software:7.0:*:*:*:*:*:*:*
sunstoredge_enterprise_backup_software7.1cpe:2.3:a:sun:storedge_enterprise_backup_software:7.1:*:*:*:*:*:*:*
sunstoredge_enterprise_backup_software7.2cpe:2.3:a:sun:storedge_enterprise_backup_software:7.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	legato_networker	4.2.2	cpe:2.3:a:emc:legato_networker:4.2.2:::::::*
emc	legato_networker	6.0	cpe:2.3:a:emc:legato_networker:6.0:::::::*
emc	legato_networker	6.1	cpe:2.3:a:emc:legato_networker:6.1:::::::*
emc	legato_networker	7.2	cpe:2.3:a:emc:legato_networker:7.2:::::::*
emc	legato_networker	7.13	cpe:2.3:a:emc:legato_networker:7.13:::::::*
sun	solstice_backup	6.0	cpe:2.3:a:sun:solstice_backup:6.0:::::::*
sun	solstice_backup	6.1	cpe:2.3:a:sun:solstice_backup:6.1:::::::*
sun	storedge_enterprise_backup_software	7.0	cpe:2.3:a:sun:storedge_enterprise_backup_software:7.0:::::::*
sun	storedge_enterprise_backup_software	7.1	cpe:2.3:a:sun:storedge_enterprise_backup_software:7.1:::::::*
sun	storedge_enterprise_backup_software	7.2	cpe:2.3:a:sun:storedge_enterprise_backup_software:7.2:::::::*

References

secunia.com/advisories/16464

secunia.com/advisories/16470

securitytracker.com/id?1014713

sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1

www.kb.cert.org/vuls/id/606857

www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm

www.osvdb.org/18800

www.securityfocus.com/bid/14582

exchange.xforce.ibmcloud.com/vulnerabilities/21887

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

Low

EPSS

0.004

Percentile

73.6%

JSON

Related for CVE-2005-0357