Lucene search

CertccCVE-2005-0359

HistoryAug 23, 2005 - 4:00 a.m.

CVE-2005-0359

2005-08-2304:00:00

certcc

web.nvd.nist.gov

cve-2005-0359

legato

portmapper

access restriction

bypass

emc

networker

solstice backup

storedge enterprise backup

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

AI Score

6.4

Confidence

Low

EPSS

0.022

Percentile

89.5%

JSON

The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service.

Affected configurations

Nvd

Node

emclegato_networkerMatch4.2.2

emclegato_networkerMatch6.0

emclegato_networkerMatch6.1

emclegato_networkerMatch7.2

emclegato_networkerMatch7.13

sunsolstice_backupMatch6.0

sunsolstice_backupMatch6.1

sunstoredge_enterprise_backup_softwareMatch7.0

sunstoredge_enterprise_backup_softwareMatch7.1

sunstoredge_enterprise_backup_softwareMatch7.2

VendorProductVersionCPE
emclegato_networker4.2.2cpe:2.3:a:emc:legato_networker:4.2.2:*:*:*:*:*:*:*
emclegato_networker6.0cpe:2.3:a:emc:legato_networker:6.0:*:*:*:*:*:*:*
emclegato_networker6.1cpe:2.3:a:emc:legato_networker:6.1:*:*:*:*:*:*:*
emclegato_networker7.2cpe:2.3:a:emc:legato_networker:7.2:*:*:*:*:*:*:*
emclegato_networker7.13cpe:2.3:a:emc:legato_networker:7.13:*:*:*:*:*:*:*
sunsolstice_backup6.0cpe:2.3:a:sun:solstice_backup:6.0:*:*:*:*:*:*:*
sunsolstice_backup6.1cpe:2.3:a:sun:solstice_backup:6.1:*:*:*:*:*:*:*
sunstoredge_enterprise_backup_software7.0cpe:2.3:a:sun:storedge_enterprise_backup_software:7.0:*:*:*:*:*:*:*
sunstoredge_enterprise_backup_software7.1cpe:2.3:a:sun:storedge_enterprise_backup_software:7.1:*:*:*:*:*:*:*
sunstoredge_enterprise_backup_software7.2cpe:2.3:a:sun:storedge_enterprise_backup_software:7.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
emc	legato_networker	4.2.2	cpe:2.3:a:emc:legato_networker:4.2.2:::::::*
emc	legato_networker	6.0	cpe:2.3:a:emc:legato_networker:6.0:::::::*
emc	legato_networker	6.1	cpe:2.3:a:emc:legato_networker:6.1:::::::*
emc	legato_networker	7.2	cpe:2.3:a:emc:legato_networker:7.2:::::::*
emc	legato_networker	7.13	cpe:2.3:a:emc:legato_networker:7.13:::::::*
sun	solstice_backup	6.0	cpe:2.3:a:sun:solstice_backup:6.0:::::::*
sun	solstice_backup	6.1	cpe:2.3:a:sun:solstice_backup:6.1:::::::*
sun	storedge_enterprise_backup_software	7.0	cpe:2.3:a:sun:storedge_enterprise_backup_software:7.0:::::::*
sun	storedge_enterprise_backup_software	7.1	cpe:2.3:a:sun:storedge_enterprise_backup_software:7.1:::::::*
sun	storedge_enterprise_backup_software	7.2	cpe:2.3:a:sun:storedge_enterprise_backup_software:7.2:::::::*

References

secunia.com/advisories/16464

secunia.com/advisories/16470

securitytracker.com/id?1014713

sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1

www.kb.cert.org/vuls/id/801089

www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm

www.osvdb.org/18802

www.securityfocus.com/bid/14582

exchange.xforce.ibmcloud.com/vulnerabilities/21893

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

AI Score

6.4

Confidence

Low

EPSS

0.022

Percentile

89.5%

JSON

Related for CVE-2005-0359