The EMC Legato NetWorker PortMapper allows remote access to pmap_set and pmap_unset. This could allow a remote attacker to cause a denial of service or potentially to eavesdrop on communications between NetWorker programs.
EMC Legato NetWorker is a cross-platform backup and recovery application. It is also repackaged by Sun Microsystems as Solstice Backup and StorEdge Enterprise Backup, by FSC as Fujitsu Siemens Computers' NetWorker, by NEC as WebSAM NetWorker Powered by Legato, and by Fujitsu as NetWorker.
A remote unauthenticated attacker may be able to create a denial-of-service condition by unregistering NetWorker services. An attacker may be able to eavesdrop on NetWorker process communications by registering a new RPC service.
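A detection-side sketch of the condition described above, added here as an example and not taken from the advisory or from EMC: it parses a captured UDP payload and flags portmapper SET/UNSET calls that arrive from a non-loopback source. It assumes the NetWorker portmapper uses the standard ONC RPC portmap version 2 wire format (RFC 1833) and that legitimate registrations come from loopback; the function names, addresses and sample datagrams are constructed for illustration.

```python
import ipaddress
import struct

PMAP_PROG = 100000                       # portmapper program number (RFC 1833)
WATCHED = {1: "PMAPPROC_SET", 2: "PMAPPROC_UNSET"}   # what pmap_set/pmap_unset send

def parse_mapping_change(payload: bytes):
    """Return (proc_name, prog, vers, prot, port) for a portmap v2 SET/UNSET
    call carried in one UDP datagram, or None for anything else."""
    try:
        _xid, mtype, rpcvers, prog, vers, proc = struct.unpack_from(">6I", payload, 0)
        if (mtype, rpcvers, prog, vers) != (0, 2, PMAP_PROG, 2) or proc not in WATCHED:
            return None                  # not an RPC CALL to portmap v2 SET/UNSET
        off = 24
        for _ in range(2):               # skip credential, then verifier
            _flavor, length = struct.unpack_from(">2I", payload, off)
            if length > 400:             # opaque_auth body is capped at 400 bytes
                return None
            off += 8 + ((length + 3) & ~3)   # XDR pads opaque data to 4 bytes
        return (WATCHED[proc],) + struct.unpack_from(">4I", payload, off)
    except struct.error:                 # truncated datagram
        return None

def flag_remote_change(src_ip: str, payload: bytes):
    """Alert text when a SET/UNSET call comes from a non-loopback source."""
    call = parse_mapping_change(payload)
    if call is None or ipaddress.ip_address(src_ip).is_loopback:
        return None
    return "%s from %s: prog=%d vers=%d prot=%d port=%d" % (call[0], src_ip, *call[1:])

# Constructed sample datagrams (AUTH_NONE credential and verifier); the mapped
# program 0x20000001, port 50000 and addresses are made-up values.
HDR = "00000001 00000000 00000002 000186a0 00000002 %08x" + " 00000000" * 4
MAP = " 20000001 00000001 00000011 0000c350"
SAMPLES = [
    ("192.0.2.10", bytes.fromhex(HDR % 1 + MAP)),   # remote SET
    ("192.0.2.10", bytes.fromhex(HDR % 2 + MAP)),   # remote UNSET
    ("127.0.0.1", bytes.fromhex(HDR % 2 + MAP)),    # local UNSET, expected
    ("192.0.2.10", bytes.fromhex(HDR % 3 + MAP)),   # remote GETPORT, benign lookup
]

if __name__ == "__main__":
    for src, data in SAMPLES:
        print(src, "->", flag_remote_change(src, data))
```

RPC over TCP adds a 4-byte record marker before each message, so a TCP capture needs that marker stripped before the payload is passed in.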
Apply a patch or upgrade
Sun Microsystems, Inc.
Thanks to the NOAA NCIRT Lab for reporting this vulnerability.
This document was written by Will Dormann.
Date First Published: 2005-08-16
Date Last Updated: 2005-09-19 15:11 UTC