The EMC Legato NetWorker database services use weak authentication, allowing a remote attacker to gain root access to the server.
EMC Legato NetWorker is a cross-platform backup and recovery application. It is also repackaged by Sun Microsystems as Solstice Backup and StorEdge Enterprise Backup, by FSC as Fujitsu Siemens Computers' NetWorker, by NEC as WebSAM NetWorker Powered by Legato, and by Fujitsu as NetWorker.
NetWorker database services
An unauthenticated, remote attacker could execute arbitrary commands on the NetWorker server as root. Once the NetWorker server has been compromised, any NetWorker client machine could in turn be compromised.
Apply a patch or upgrade
Sun Microsystems, Inc.
Thanks to the NOAA NCIRT Lab for reporting this vulnerability.
This document was written by Will Dormann.
|Date First Published:||2005-08-16|
|Date Last Updated:||2005-10-04 18:43 UTC|