Vulnerability Note VU#407641
EMC Legato NetWorker database services use insufficient authentication
The EMC Legato NetWorker database services use weak authentication, allowing a remote attacker to gain root access to the server.
EMC Legato NetWorker is a cross-platform backup and recovery application. It is also repackaged by Sun Microsystems as Solstice Backup and StorEdge Enterprise Backup, by FSC as Fujitsu Siemens Computers' NetWorker, by NEC as WebSAM NetWorker Powered by Legato, and by Fujitsu as NetWorker.
NetWorker database services
An unauthenticated, remote attacker could execute arbitrary commands on the NetWorker server as root. Once the NetWorker server has been compromised, any NetWorker client machine could in turn be compromised.
Apply a patch or upgrade
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|EMC Software||Affected||03 Jun 2005||16 Aug 2005|
|Fujitsu Limited||Affected||15 Aug 2005||24 Aug 2005|
|NEC||Affected||15 Aug 2005||24 Aug 2005|
|Sun Microsystems, Inc.||Affected||12 Jul 2005||19 Sep 2005|
CVSS Metrics (Learn More)
Thanks to the NOAA NCIRT Lab for reporting this vulnerability.
This document was written by Will Dormann.
- CVE IDs: CAN-2005-0358
- Date Public: 16 Aug 2005
- Date First Published: 16 Aug 2005
- Date Last Updated: 04 Oct 2005
- Severity Metric: 14.63
- Document Revision: 27
If you have feedback, comments, or additional information about this vulnerability, please send us email.