Vulnerability Note VU#801089
EMC Legato NetWorker portmapper allows remote calls to "pmap_set" and "pmap_unset"
The EMC Legato NetWorker PortMapper allows remote access to pmap_set and pmap_unset. This could allow a remote attacker to cause a denial of service or potentially to eavesdrop on communications between NetWorker programs.
EMC Legato NetWorker is a cross-platform backup and recovery application. It is also repackaged by Sun Microsystems as Solstice Backup and StorEdge Enterprise Backup, by FSC as Fujitsu Siemens Computers' NetWorker, by NEC as WebSAM NetWorker Powered by Legato, and by Fujitsu as NetWorker.
A remote unauthenticated attacker may be able to create a denial-of-service condition by unregistering NetWorker services. An attacker may be able to eavesdrop on NetWorker process communications by registering a new RPC service.
Apply a patch or upgrade
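As an added example (not part of the original note and not vendor code), the sketch below shows how a monitoring script could flag the remote `pmap_set` and `pmap_unset` calls described above. It assumes the standard ONC RPC portmapper encoding (program 100000, procedures 1 and 2) carried in a UDP payload; the function names, source addresses and the program number 0x20000001 are constructed for illustration.

```python
import ipaddress
import struct

PMAP_PROG = 100000  # portmapper program number (RFC 1833)
RPC_CALL = 0        # msg_type of a call message (RFC 5531)
FLAGGED = {1: "pmap_set", 2: "pmap_unset"}  # PMAPPROC_SET / PMAPPROC_UNSET

def _skip_auth(buf, off):
    """Skip one opaque_auth: flavor, length, body padded to 4 bytes."""
    _flavor, length = struct.unpack_from(">II", buf, off)
    if length > 400:  # RFC 5531 limit on the auth body
        raise ValueError("oversized auth body")
    return off + 8 + ((length + 3) & ~3)

def classify(src_ip, payload):
    """Return a finding for a non-loopback pmap_set/pmap_unset call, else None."""
    if ipaddress.ip_address(src_ip).is_loopback:
        return None
    try:
        _xid, mtype, rpcvers, prog, _vers, proc = struct.unpack_from(">6I", payload, 0)
        if (mtype, rpcvers, prog) != (RPC_CALL, 2, PMAP_PROG) or proc not in FLAGGED:
            return None
        off = _skip_auth(payload, _skip_auth(payload, 24))  # credential, verifier
        m_prog, m_vers, _prot, m_port = struct.unpack_from(">4I", payload, off)
    except (struct.error, ValueError):
        return None  # truncated or malformed message
    return {"src": src_ip, "call": FLAGGED[proc], "prog": m_prog,
            "vers": m_vers, "port": m_port}

def sample_call(proc, port=0):
    """Constructed call: AUTH_NONE credential and verifier, one mapping argument."""
    header = struct.pack(">6I", 0x1234, RPC_CALL, 2, PMAP_PROG, 2, proc)
    auth_none = struct.pack(">II", 0, 0) * 2
    return header + auth_none + struct.pack(">4I", 0x20000001, 1, 17, port)

# Constructed observations: (source address, UDP payload).
SAMPLE_EVENTS = [
    ("127.0.0.1", sample_call(1, 7001)),   # local registration: expected
    ("192.0.2.10", sample_call(2)),        # remote pmap_unset: flagged
    ("192.0.2.11", sample_call(3)),        # remote GETPORT lookup: ignored
    ("192.0.2.12", sample_call(1)[:30]),   # truncated message: ignored
]

def scan(events):
    """Return the findings for every flagged call in the observations."""
    return [f for f in (classify(s, p) for s, p in events) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

RPC over TCP adds a 4-byte record mark before the message, which this UDP-only sketch does not strip.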
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| EMC Software | Affected | 03 Jun 2005 | 16 Aug 2005 |
| Fujitsu Limited | Affected | 15 Aug 2005 | 24 Aug 2005 |
| NEC | Affected | 15 Aug 2005 | 24 Aug 2005 |
| Sun Microsystems, Inc. | Affected | 12 Jul 2005 | 19 Sep 2005 |
Thanks to the NOAA NCIRT Lab for reporting this vulnerability.
This document was written by Will Dormann.
- CVE IDs: CAN-2005-0359
- Date Public: 16 Aug 2005
- Date First Published: 16 Aug 2005
- Date Last Updated: 19 Sep 2005
- Severity Metric: 3.66
- Document Revision: 29