All the vulnerabilites related to emc - legato_networker
cve-2005-0359
Vulnerability from cvelistv5
Published
2005-08-20 04:00
Modified
2024-08-07 21:13
Severity ?
EPSS score ?
Summary
The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/801089 | third-party-advisory, x_refsource_CERT-VN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/21893 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/16470 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/16464 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1014713 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/14582 | vdb-entry, x_refsource_BID | |
| http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm | x_refsource_CONFIRM | |
| http://www.osvdb.org/18802 | vdb-entry, x_refsource_OSVDB | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:53.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#801089",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/801089"
},
{
"name": "legato-portmapper-obtain-information(21893)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21893"
},
{
"name": "16470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16464"
},
{
"name": "1014713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "14582",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm"
},
{
"name": "18802",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/18802"
},
{
"name": "101886",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#801089",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/801089"
},
{
"name": "legato-portmapper-obtain-information(21893)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21893"
},
{
"name": "16470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16464"
},
{
"name": "1014713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "14582",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm"
},
{
"name": "18802",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/18802"
},
{
"name": "101886",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2005-0359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#801089",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/801089"
},
{
"name": "legato-portmapper-obtain-information(21893)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21893"
},
{
"name": "16470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16464"
},
{
"name": "1014713",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "14582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14582"
},
{
"name": "http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm",
"refsource": "CONFIRM",
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm"
},
{
"name": "18802",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18802"
},
{
"name": "101886",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2005-0359",
"datePublished": "2005-08-20T04:00:00",
"dateReserved": "2005-02-11T00:00:00",
"dateUpdated": "2024-08-07T21:13:53.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0357
Vulnerability from cvelistv5
Published
2005-08-20 04:00
Modified
2024-08-07 21:13
Severity ?
EPSS score ?
Summary
EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/16470 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/16464 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/18800 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1014713 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/14582 | vdb-entry, x_refsource_BID | |
| http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm | x_refsource_CONFIRM | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1 | vendor-advisory, x_refsource_SUNALERT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/21887 | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/606857 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:53.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16464"
},
{
"name": "18800",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/18800"
},
{
"name": "1014713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "14582",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm"
},
{
"name": "101886",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"name": "legato-authunix-bypass-authentication(21887)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21887"
},
{
"name": "VU#606857",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/606857"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "16470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16464"
},
{
"name": "18800",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/18800"
},
{
"name": "1014713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "14582",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm"
},
{
"name": "101886",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"name": "legato-authunix-bypass-authentication(21887)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21887"
},
{
"name": "VU#606857",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/606857"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2005-0357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16464"
},
{
"name": "18800",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18800"
},
{
"name": "1014713",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "14582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14582"
},
{
"name": "http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm",
"refsource": "CONFIRM",
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm"
},
{
"name": "101886",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"name": "legato-authunix-bypass-authentication(21887)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21887"
},
{
"name": "VU#606857",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/606857"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2005-0357",
"datePublished": "2005-08-20T04:00:00",
"dateReserved": "2005-02-11T00:00:00",
"dateUpdated": "2024-08-07T21:13:53.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3618
Vulnerability from cvelistv5
Published
2007-08-21 21:00
Modified
2024-08-07 14:21
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a "long invalid subcmd."
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/3043 | third-party-advisory, x_refsource_SREASON | |
| http://www.zerodayinitiative.com/advisories/ZDI-07-049.html | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2007/2931 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/477172/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://secunia.com/advisories/26517 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/25375 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36123 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/39744 | vdb-entry, x_refsource_OSVDB | |
| http://www.securitytracker.com/id?1018590 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3043",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3043"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-049.html"
},
{
"name": "ADV-2007-2931",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2931"
},
{
"name": "20070820 ZDI-07-049: EMC Legato Networker Remote Exec Service Stack Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477172/100/0/threaded"
},
{
"name": "26517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26517"
},
{
"name": "25375",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25375"
},
{
"name": "networker-nsrexecd-bo(36123)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36123"
},
{
"name": "39744",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39744"
},
{
"name": "1018590",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018590"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a \"long invalid subcmd.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3043",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3043"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-049.html"
},
{
"name": "ADV-2007-2931",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2931"
},
{
"name": "20070820 ZDI-07-049: EMC Legato Networker Remote Exec Service Stack Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477172/100/0/threaded"
},
{
"name": "26517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26517"
},
{
"name": "25375",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25375"
},
{
"name": "networker-nsrexecd-bo(36123)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36123"
},
{
"name": "39744",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39744"
},
{
"name": "1018590",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018590"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a \"long invalid subcmd.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3043",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3043"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-049.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-049.html"
},
{
"name": "ADV-2007-2931",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2931"
},
{
"name": "20070820 ZDI-07-049: EMC Legato Networker Remote Exec Service Stack Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477172/100/0/threaded"
},
{
"name": "26517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26517"
},
{
"name": "25375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25375"
},
{
"name": "networker-nsrexecd-bo(36123)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36123"
},
{
"name": "39744",
"refsource": "OSVDB",
"url": "http://osvdb.org/39744"
},
{
"name": "1018590",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018590"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3618",
"datePublished": "2007-08-21T21:00:00",
"dateReserved": "2007-07-06T00:00:00",
"dateUpdated": "2024-08-07T14:21:36.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2754
Vulnerability from cvelistv5
Published
2010-03-05 16:00
Modified
2024-08-07 05:59
Severity ?
EPSS score ?
Summary
Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/38731 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/509793/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vupen.com/english/advisories/2010/0508 | vdb-entry, x_refsource_VUPEN | |
| http://www.ibm.com/support/docview.wss?uid=swg1IC55329 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.ibm.com/support/docview.wss?uid=swg1IC55330 | vendor-advisory, x_refsource_AIXAPAR | |
| http://www.zerodayinitiative.com/advisories/ZDI-10-023 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56586 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2010/0509 | vdb-entry, x_refsource_VUPEN | |
| http://knowledgebase.emc.com/emcice/login.do?sType=ax1990&sName=1204&id=emc183834 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/38472 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:57.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38731"
},
{
"name": "20100301 ZDI-10-023: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/509793/100/0/threaded"
},
{
"name": "ADV-2010-0508",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0508"
},
{
"name": "IC55329",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
},
{
"name": "IC55330",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-023"
},
{
"name": "ibm-ids-portmap-bo(56586)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56586"
},
{
"name": "ADV-2010-0509",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0509"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834"
},
{
"name": "38472",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38472"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38731"
},
{
"name": "20100301 ZDI-10-023: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/509793/100/0/threaded"
},
{
"name": "ADV-2010-0508",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0508"
},
{
"name": "IC55329",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
},
{
"name": "IC55330",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-023"
},
{
"name": "ibm-ids-portmap-bo(56586)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56586"
},
{
"name": "ADV-2010-0509",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0509"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834"
},
{
"name": "38472",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38472"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38731",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38731"
},
{
"name": "20100301 ZDI-10-023: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509793/100/0/threaded"
},
{
"name": "ADV-2010-0508",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0508"
},
{
"name": "IC55329",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
},
{
"name": "IC55330",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-023",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-023"
},
{
"name": "ibm-ids-portmap-bo(56586)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56586"
},
{
"name": "ADV-2010-0509",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0509"
},
{
"name": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834",
"refsource": "CONFIRM",
"url": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834"
},
{
"name": "38472",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38472"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2754",
"datePublished": "2010-03-05T16:00:00",
"dateReserved": "2009-08-12T00:00:00",
"dateUpdated": "2024-08-07T05:59:57.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3659
Vulnerability from cvelistv5
Published
2006-01-18 02:00
Modified
2024-08-07 23:17
Severity ?
EPSS score ?
Summary
nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015545"
},
{
"name": "18615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18615"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"name": "20060117 EMC Legato Networker nsrd.exe DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375"
},
{
"name": "ADV-2006-0343",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"name": "18495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18495"
},
{
"name": "1015500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015500"
},
{
"name": "16275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16275"
},
{
"name": "ADV-2006-0233",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"name": "legato-nsrd-dos(24173)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24173"
},
{
"name": "102148",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015545"
},
{
"name": "18615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18615"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"name": "20060117 EMC Legato Networker nsrd.exe DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375"
},
{
"name": "ADV-2006-0343",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"name": "18495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18495"
},
{
"name": "1015500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015500"
},
{
"name": "16275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16275"
},
{
"name": "ADV-2006-0233",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"name": "legato-nsrd-dos(24173)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24173"
},
{
"name": "102148",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015545",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015545"
},
{
"name": "18615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18615"
},
{
"name": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm",
"refsource": "CONFIRM",
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"name": "20060117 EMC Legato Networker nsrd.exe DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375"
},
{
"name": "ADV-2006-0343",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"name": "18495",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18495"
},
{
"name": "1015500",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015500"
},
{
"name": "16275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16275"
},
{
"name": "ADV-2006-0233",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"name": "legato-nsrd-dos(24173)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24173"
},
{
"name": "102148",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"name": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT",
"refsource": "CONFIRM",
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3659",
"datePublished": "2006-01-18T02:00:00",
"dateReserved": "2005-11-18T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3658
Vulnerability from cvelistv5
Published
2006-01-18 02:00
Modified
2024-08-07 23:17
Severity ?
EPSS score ?
Summary
Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015545"
},
{
"name": "18615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18615"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"name": "20060117 EMC Legato Networker nsrd.exe Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=373"
},
{
"name": "20060117 EMC Legato Networker nsrexecd.exe Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=374"
},
{
"name": "legato-nsrd-bo(24175)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24175"
},
{
"name": "ADV-2006-0343",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"name": "legato-nsrexecd-bo(24174)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24174"
},
{
"name": "18495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18495"
},
{
"name": "1015500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015500"
},
{
"name": "16275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16275"
},
{
"name": "ADV-2006-0233",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"name": "102148",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015545"
},
{
"name": "18615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18615"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"name": "20060117 EMC Legato Networker nsrd.exe Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=373"
},
{
"name": "20060117 EMC Legato Networker nsrexecd.exe Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=374"
},
{
"name": "legato-nsrd-bo(24175)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24175"
},
{
"name": "ADV-2006-0343",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"name": "legato-nsrexecd-bo(24174)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24174"
},
{
"name": "18495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18495"
},
{
"name": "1015500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015500"
},
{
"name": "16275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16275"
},
{
"name": "ADV-2006-0233",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"name": "102148",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015545",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015545"
},
{
"name": "18615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18615"
},
{
"name": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm",
"refsource": "CONFIRM",
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"name": "20060117 EMC Legato Networker nsrd.exe Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=373"
},
{
"name": "20060117 EMC Legato Networker nsrexecd.exe Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=374"
},
{
"name": "legato-nsrd-bo(24175)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24175"
},
{
"name": "ADV-2006-0343",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"name": "legato-nsrexecd-bo(24174)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24174"
},
{
"name": "18495",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18495"
},
{
"name": "1015500",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015500"
},
{
"name": "16275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16275"
},
{
"name": "ADV-2006-0233",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"name": "102148",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"name": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT",
"refsource": "CONFIRM",
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3658",
"datePublished": "2006-01-18T02:00:00",
"dateReserved": "2005-11-18T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0358
Vulnerability from cvelistv5
Published
2005-08-20 04:00
Modified
2024-08-07 21:13
Severity ?
EPSS score ?
Summary
EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/407641 | third-party-advisory, x_refsource_CERT-VN | |
| http://secunia.com/advisories/16470 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/16464 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1014713 | vdb-entry, x_refsource_SECTRACK | |
| http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/14582 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/21892 | vdb-entry, x_refsource_XF | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1 | vendor-advisory, x_refsource_SUNALERT | |
| http://www.osvdb.org/18801 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:53.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#407641",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/407641"
},
{
"name": "16470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16464"
},
{
"name": "1014713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm"
},
{
"name": "14582",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"name": "legato-token-gain-privileges(21892)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21892"
},
{
"name": "101886",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"name": "18801",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/18801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#407641",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/407641"
},
{
"name": "16470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16464"
},
{
"name": "1014713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm"
},
{
"name": "14582",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"name": "legato-token-gain-privileges(21892)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21892"
},
{
"name": "101886",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"name": "18801",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/18801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2005-0358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#407641",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/407641"
},
{
"name": "16470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16464"
},
{
"name": "1014713",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm",
"refsource": "CONFIRM",
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm"
},
{
"name": "14582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14582"
},
{
"name": "legato-token-gain-privileges(21892)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21892"
},
{
"name": "101886",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"name": "18801",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2005-0358",
"datePublished": "2005-08-20T04:00:00",
"dateReserved": "2005-02-11T00:00:00",
"dateUpdated": "2024-08-07T21:13:53.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:02
Severity ?
Summary
Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | legato_networker | 7.1.1 | |
| emc | legato_networker | 7.1.2 | |
| emc | legato_networker | 7.1.3 | |
| emc | legato_networker | 7.2 | |
| emc | legato_networker | 7.2.1 | |
| emc | legato_networker | 7.2_build172 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66B0FBAD-32E2-44D1-8612-855C7A0AF1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93BF6BD6-FD86-46F8-908E-39CF2AB1929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CEEC9807-47E2-4915-91E7-96AA21FFFCD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2D787A-DCA0-45CE-A5C3-41850970B468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA00514-6EFF-4BE4-A49E-30C4FF42998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2_build172:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0DFF6E-6234-4C04-AD61-BDB52CFFF7EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe)."
}
],
"id": "CVE-2005-3658",
"lastModified": "2024-11-21T00:02:22.157",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18495"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18615"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015500"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015545"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=373"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=374"
},
{
"source": "cve@mitre.org",
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16275"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24174"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=374"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24175"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-08-23 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | legato_networker | 4.2.2 | |
| emc | legato_networker | 6.0 | |
| emc | legato_networker | 6.1 | |
| emc | legato_networker | 7.2 | |
| emc | legato_networker | 7.13 | |
| sun | solstice_backup | 6.0 | |
| sun | solstice_backup | 6.1 | |
| sun | storedge_enterprise_backup_software | 7.0 | |
| sun | storedge_enterprise_backup_software | 7.1 | |
| sun | storedge_enterprise_backup_software | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:legato_networker:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0FC6877-29D3-49D7-AA40-CB860E5EA51C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BCC27A1-A233-4999-AEA8-C096079A717F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70CC4877-2701-4AA1-B6CC-44FE6551D5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2D787A-DCA0-45CE-A5C3-41850970B468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "31C10A84-B508-4439-A0CD-F55EBB330077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:solstice_backup:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36599E72-B2A7-4D75-BD8D-CB7B7425BE06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:solstice_backup:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC13C5F-002B-4992-964D-035CCFE0A8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:storedge_enterprise_backup_software:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E6EB61-BE16-4575-9EFA-0FAC1C14490E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:storedge_enterprise_backup_software:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53247CF9-5E51-48AE-93D2-05CA93CC162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:storedge_enterprise_backup_software:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACB16BC-73BE-4071-9BCF-F5FFD3A196E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token."
}
],
"id": "CVE-2005-0358",
"lastModified": "2024-11-20T23:54:57.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-23T04:00:00.000",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16464"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16470"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/407641"
},
{
"source": "cret@cert.org",
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm"
},
{
"source": "cret@cert.org",
"url": "http://www.osvdb.org/18801"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/407641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/18801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21892"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-08-23 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | legato_networker | 4.2.2 | |
| emc | legato_networker | 6.0 | |
| emc | legato_networker | 6.1 | |
| emc | legato_networker | 7.2 | |
| emc | legato_networker | 7.13 | |
| sun | solstice_backup | 6.0 | |
| sun | solstice_backup | 6.1 | |
| sun | storedge_enterprise_backup_software | 7.0 | |
| sun | storedge_enterprise_backup_software | 7.1 | |
| sun | storedge_enterprise_backup_software | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:legato_networker:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0FC6877-29D3-49D7-AA40-CB860E5EA51C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BCC27A1-A233-4999-AEA8-C096079A717F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70CC4877-2701-4AA1-B6CC-44FE6551D5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2D787A-DCA0-45CE-A5C3-41850970B468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "31C10A84-B508-4439-A0CD-F55EBB330077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:solstice_backup:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36599E72-B2A7-4D75-BD8D-CB7B7425BE06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:solstice_backup:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC13C5F-002B-4992-964D-035CCFE0A8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:storedge_enterprise_backup_software:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E6EB61-BE16-4575-9EFA-0FAC1C14490E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:storedge_enterprise_backup_software:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53247CF9-5E51-48AE-93D2-05CA93CC162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:storedge_enterprise_backup_software:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACB16BC-73BE-4071-9BCF-F5FFD3A196E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service."
}
],
"id": "CVE-2005-0359",
"lastModified": "2024-11-20T23:54:57.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-23T04:00:00.000",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16464"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16470"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/801089"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm"
},
{
"source": "cret@cert.org",
"url": "http://www.osvdb.org/18802"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/801089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/18802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21893"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-08-21 21:17
Modified
2024-11-21 00:33
Severity ?
Summary
Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a "long invalid subcmd."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | legato_networker | 7.0 | |
| emc | legato_networker | 7.1.3 | |
| emc | legato_networker | 7.2 | |
| emc | legato_networker | 7.2.1 | |
| emc | legato_networker | 7.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA81FD4-EC81-4C0B-8479-C75AE7B7308A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CEEC9807-47E2-4915-91E7-96AA21FFFCD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2D787A-DCA0-45CE-A5C3-41850970B468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA00514-6EFF-4BE4-A49E-30C4FF42998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C981722C-80D7-4569-88BA-02CB4BA16DAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a \"long invalid subcmd.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el Servicio de Ejecuci\u00f3n Remota NetWorker (nsrexecd.exe) en EMC Software NetWorker 7.x.x permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante (1) un sondeo o (2) una petici\u00f3n de terminaci\u00f3n (kill) con un \"subcmd inv\u00e1lido largo\"."
}
],
"id": "CVE-2007-3618",
"lastModified": "2024-11-21T00:33:40.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-21T21:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/39744"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26517"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3043"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/477172/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25375"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1018590"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2931"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-049.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/477172/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1018590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-049.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36123"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-05 16:30
Modified
2024-11-21 01:05
Severity ?
Summary
Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1716E256-B186-442F-8C4C-9305E0953081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.tc1:*:*:*:*:*:*:*",
"matchCriteriaId": "DEEBB378-F57A-4420-973F-8B641700740A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc1:*:*:*:*:*:*:*",
"matchCriteriaId": "5634CF97-CBD3-4CA3-8144-2F875FDD3FA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc2e:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2380EC-4F4E-434F-9103-02BA0F8E68EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc3:*:*:*:*:*:*:*",
"matchCriteriaId": "C7931542-8DB8-4BC3-A319-9352EBC62158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc3e:*:*:*:*:*:*:*",
"matchCriteriaId": "B7252409-BAB0-41C5-8D82-09FDB751EB3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc4:*:*:*:*:*:*:*",
"matchCriteriaId": "795E3755-48D3-4A70-9AFB-1B3B9F3B8F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc4e:*:*:*:*:*:*:*",
"matchCriteriaId": "97D142F8-076C-42E4-A1C3-8DDA45605340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc5:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB0B784-F6C0-4333-91C3-F01C23C20C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc5e:*:*:*:*:*:*:*",
"matchCriteriaId": "8F475C2E-32D9-40EF-82D5-72B827774F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc6:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6FFFAC-9FBD-44B7-9F12-53CF653F9F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc6e:*:*:*:*:*:*:*",
"matchCriteriaId": "A095762C-9A12-475A-B77A-8B5DA6333AEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc7:*:*:*:*:*:*:*",
"matchCriteriaId": "0EB862D4-E158-4BDD-A35D-7CF35D42561B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc7e:*:*:*:*:*:*:*",
"matchCriteriaId": "7921875E-57C4-47D8-ADD5-E65980D2B24C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc8:*:*:*:*:*:*:*",
"matchCriteriaId": "8C5A7699-3614-4C07-B0D0-92C05F593A17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc8e:*:*:*:*:*:*:*",
"matchCriteriaId": "3BAE6B0C-7F7E-41B0-AC9D-75BED81F5878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc9:*:*:*:*:*:*:*",
"matchCriteriaId": "A6770AAD-CB91-49DF-9B2D-DCFB5880C833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc9e:*:*:*:*:*:*:*",
"matchCriteriaId": "95E7DC6E-7A0D-4FFB-8641-1F25AAFE5D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc10:*:*:*:*:*:*:*",
"matchCriteriaId": "CA609752-9DE0-4080-94FC-85337DA15757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc10e:*:*:*:*:*:*:*",
"matchCriteriaId": "29202E83-5F00-4200-9A36-AB06A1370E67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE53870D-832F-4300-8556-9062BCC8F9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F3398187-9A9C-4584-A186-01DB36C88219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC21790C-D057-4B11-8D0C-202B71B1E7A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc1de:*:*:*:*:*:*:*",
"matchCriteriaId": "1D7F320F-72E0-440C-A300-6D85AEE86DA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc2:*:*:*:*:*:*:*",
"matchCriteriaId": "539DE4E7-8531-43E8-AE75-178BFC4324F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc2e:*:*:*:*:*:*:*",
"matchCriteriaId": "487A81FC-FBB9-43C6-B419-4BA033054CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc3:*:*:*:*:*:*:*",
"matchCriteriaId": "429D6E5F-E249-4EA5-B2BB-DDF3B2B20676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc3e:*:*:*:*:*:*:*",
"matchCriteriaId": "D8BA02BE-9028-457F-A231-5C27BE442042",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:legato_networker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A324AC-8E82-42B9-910E-9131B2AD26B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow."
},
{
"lang": "es",
"value": "Error de entero sin signo en la funcionalidad de autenticaci\u00f3n en librpc.dll en Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), tal y como se utiliza en IBM Informix Dynamic Server (IDS) v10.x anteriores a la v10.00.TC9 y v11.x anteriores a v11.10.TC3 y EMC Legato NetWorker, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un par\u00e1metro manipulado en tama\u00f1o que inicia un desbordamiento de b\u00fafer basado en la pila."
}
],
"id": "CVE-2009-2754",
"lastModified": "2024-11-21T01:05:40.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-05T16:30:00.583",
"references": [
{
"source": "cve@mitre.org",
"url": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38731"
},
{
"source": "cve@mitre.org",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
},
{
"source": "cve@mitre.org",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/509793/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38472"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0508"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0509"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-023"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/509793/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56586"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-12-31 05:00
Modified
2024-11-21 00:02
Severity ?
Summary
nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | legato_networker | 7.2 | |
| emc | legato_networker | 7.2.1 | |
| emc | legato_networker | 7.2_build172 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2D787A-DCA0-45CE-A5C3-41850970B468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA00514-6EFF-4BE4-A49E-30C4FF42998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2_build172:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0DFF6E-6234-4C04-AD61-BDB52CFFF7EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference."
}
],
"id": "CVE-2005-3659",
"lastModified": "2024-11-21T00:02:22.323",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18495"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18615"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015500"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015545"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16275"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24173"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-08-23 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | legato_networker | 4.2.2 | |
| emc | legato_networker | 6.0 | |
| emc | legato_networker | 6.1 | |
| emc | legato_networker | 7.2 | |
| emc | legato_networker | 7.13 | |
| sun | solstice_backup | 6.0 | |
| sun | solstice_backup | 6.1 | |
| sun | storedge_enterprise_backup_software | 7.0 | |
| sun | storedge_enterprise_backup_software | 7.1 | |
| sun | storedge_enterprise_backup_software | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:legato_networker:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0FC6877-29D3-49D7-AA40-CB860E5EA51C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BCC27A1-A233-4999-AEA8-C096079A717F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70CC4877-2701-4AA1-B6CC-44FE6551D5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2D787A-DCA0-45CE-A5C3-41850970B468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "31C10A84-B508-4439-A0CD-F55EBB330077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:solstice_backup:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36599E72-B2A7-4D75-BD8D-CB7B7425BE06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:solstice_backup:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC13C5F-002B-4992-964D-035CCFE0A8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:storedge_enterprise_backup_software:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E6EB61-BE16-4575-9EFA-0FAC1C14490E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:storedge_enterprise_backup_software:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53247CF9-5E51-48AE-93D2-05CA93CC162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:storedge_enterprise_backup_software:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACB16BC-73BE-4071-9BCF-F5FFD3A196E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID."
}
],
"id": "CVE-2005-0357",
"lastModified": "2024-11-20T23:54:57.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-23T04:00:00.000",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16464"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16470"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/606857"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm"
},
{
"source": "cret@cert.org",
"url": "http://www.osvdb.org/18800"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/606857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/18800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21887"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}