Vulnerability Description
The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emc | Legato Networker | 4.2.2 |
| Sun | Solstice Backup | 6.0 |
| Sun | Storedge Enterprise Backup Software | 7.0 |
References
- http://secunia.com/advisories/16464PatchVendor Advisory
- http://secunia.com/advisories/16470Vendor Advisory
- http://securitytracker.com/id?1014713Patch
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1PatchVendor Advisory
- http://www.kb.cert.org/vuls/id/801089PatchThird Party AdvisoryUS Government Resource
- http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htPatch
- http://www.osvdb.org/18802
- http://www.securityfocus.com/bid/14582Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21893
- http://secunia.com/advisories/16464PatchVendor Advisory
- http://secunia.com/advisories/16470Vendor Advisory
- http://securitytracker.com/id?1014713Patch
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1PatchVendor Advisory
- http://www.kb.cert.org/vuls/id/801089PatchThird Party AdvisoryUS Government Resource
- http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htPatch
FAQ
What is CVE-2005-0359?
CVE-2005-0359 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which a...
How severe is CVE-2005-0359?
CVE-2005-0359 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0359?
Check the references section above for vendor advisories and patch information. Affected products include: Emc Legato Networker, Sun Solstice Backup, Sun Storedge Enterprise Backup Software.