ID CVE-2002-0113
Summary EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform.
References
Vulnerable Configurations
  • EMC NetWorker 6.1
    cpe:2.3:a:emc:networker:6.1
CVSS
Base: 4.6 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
NASL family FreeBSD Local Security Checks
NASL id FREEBSD_PKG_D177D9F9E31711D9808800123F0F7307.NASL
description Insecure file permissions, network access control and DNS usage put systems that use Legato NetWorker at risk. When the software is running, several files that contain sensitive information are created with insecure permissions. The information exposed include passwords and can therefore be used for privilege elevation. An empty 'servers' file, which should normally contain hostnames of authorized backup servers, may allow unauthorized backups to be made. Sensitive information can be extracted from these backups. When reverse DNS fails for the Legato client IP a weak authorization scheme, containing a flaw that allows unauthorized access, is used. This may allow unauthorized access.
last seen 2019-02-21
modified 2016-12-08
plugin id 56496
published 2011-10-14
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=56496
title FreeBSD : nwclient -- multiple vulnerabilities (d177d9f9-e317-11d9-8088-00123f0f7307)
refmap via4
bid 3840
bugtraq 20020110 Legato Vulnerable
xf legato-nsrd-log-permissions(7897)
Last major update 29-03-2012 - 21:14
Published 25-03-2002 - 00:00
Back to Top