Search criteria
21 vulnerabilities found for legato_networker by emc
FKIE_CVE-2009-2754
Vulnerability from fkie_nvd - Published: 2010-03-05 16:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1716E256-B186-442F-8C4C-9305E0953081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.tc1:*:*:*:*:*:*:*",
"matchCriteriaId": "DEEBB378-F57A-4420-973F-8B641700740A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc1:*:*:*:*:*:*:*",
"matchCriteriaId": "5634CF97-CBD3-4CA3-8144-2F875FDD3FA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc2e:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2380EC-4F4E-434F-9103-02BA0F8E68EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc3:*:*:*:*:*:*:*",
"matchCriteriaId": "C7931542-8DB8-4BC3-A319-9352EBC62158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc3e:*:*:*:*:*:*:*",
"matchCriteriaId": "B7252409-BAB0-41C5-8D82-09FDB751EB3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc4:*:*:*:*:*:*:*",
"matchCriteriaId": "795E3755-48D3-4A70-9AFB-1B3B9F3B8F52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc4e:*:*:*:*:*:*:*",
"matchCriteriaId": "97D142F8-076C-42E4-A1C3-8DDA45605340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc5:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB0B784-F6C0-4333-91C3-F01C23C20C72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc5e:*:*:*:*:*:*:*",
"matchCriteriaId": "8F475C2E-32D9-40EF-82D5-72B827774F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc6:*:*:*:*:*:*:*",
"matchCriteriaId": "9A6FFFAC-9FBD-44B7-9F12-53CF653F9F6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc6e:*:*:*:*:*:*:*",
"matchCriteriaId": "A095762C-9A12-475A-B77A-8B5DA6333AEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc7:*:*:*:*:*:*:*",
"matchCriteriaId": "0EB862D4-E158-4BDD-A35D-7CF35D42561B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc7e:*:*:*:*:*:*:*",
"matchCriteriaId": "7921875E-57C4-47D8-ADD5-E65980D2B24C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc8:*:*:*:*:*:*:*",
"matchCriteriaId": "8C5A7699-3614-4C07-B0D0-92C05F593A17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc8e:*:*:*:*:*:*:*",
"matchCriteriaId": "3BAE6B0C-7F7E-41B0-AC9D-75BED81F5878",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc9:*:*:*:*:*:*:*",
"matchCriteriaId": "A6770AAD-CB91-49DF-9B2D-DCFB5880C833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc9e:*:*:*:*:*:*:*",
"matchCriteriaId": "95E7DC6E-7A0D-4FFB-8641-1F25AAFE5D5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc10:*:*:*:*:*:*:*",
"matchCriteriaId": "CA609752-9DE0-4080-94FC-85337DA15757",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc10e:*:*:*:*:*:*:*",
"matchCriteriaId": "29202E83-5F00-4200-9A36-AB06A1370E67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE53870D-832F-4300-8556-9062BCC8F9B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F3398187-9A9C-4584-A186-01DB36C88219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC21790C-D057-4B11-8D0C-202B71B1E7A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc1de:*:*:*:*:*:*:*",
"matchCriteriaId": "1D7F320F-72E0-440C-A300-6D85AEE86DA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc2:*:*:*:*:*:*:*",
"matchCriteriaId": "539DE4E7-8531-43E8-AE75-178BFC4324F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc2e:*:*:*:*:*:*:*",
"matchCriteriaId": "487A81FC-FBB9-43C6-B419-4BA033054CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc3:*:*:*:*:*:*:*",
"matchCriteriaId": "429D6E5F-E249-4EA5-B2BB-DDF3B2B20676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc3e:*:*:*:*:*:*:*",
"matchCriteriaId": "D8BA02BE-9028-457F-A231-5C27BE442042",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:legato_networker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78A324AC-8E82-42B9-910E-9131B2AD26B4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow."
},
{
"lang": "es",
"value": "Error de entero sin signo en la funcionalidad de autenticaci\u00f3n en librpc.dll en Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), tal y como se utiliza en IBM Informix Dynamic Server (IDS) v10.x anteriores a la v10.00.TC9 y v11.x anteriores a v11.10.TC3 y EMC Legato NetWorker, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un par\u00e1metro manipulado en tama\u00f1o que inicia un desbordamiento de b\u00fafer basado en la pila."
}
],
"id": "CVE-2009-2754",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-03-05T16:30:00.583",
"references": [
{
"source": "cve@mitre.org",
"url": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38731"
},
{
"source": "cve@mitre.org",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
},
{
"source": "cve@mitre.org",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/509793/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38472"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0508"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0509"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-023"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38731"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/509793/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38472"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56586"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-3618
Vulnerability from fkie_nvd - Published: 2007-08-21 21:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a "long invalid subcmd."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | legato_networker | 7.0 | |
| emc | legato_networker | 7.1.3 | |
| emc | legato_networker | 7.2 | |
| emc | legato_networker | 7.2.1 | |
| emc | legato_networker | 7.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAA81FD4-EC81-4C0B-8479-C75AE7B7308A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CEEC9807-47E2-4915-91E7-96AA21FFFCD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2D787A-DCA0-45CE-A5C3-41850970B468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA00514-6EFF-4BE4-A49E-30C4FF42998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C981722C-80D7-4569-88BA-02CB4BA16DAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a \"long invalid subcmd.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el Servicio de Ejecuci\u00f3n Remota NetWorker (nsrexecd.exe) en EMC Software NetWorker 7.x.x permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante (1) un sondeo o (2) una petici\u00f3n de terminaci\u00f3n (kill) con un \"subcmd inv\u00e1lido largo\"."
}
],
"id": "CVE-2007-3618",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-21T21:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/39744"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26517"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3043"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/477172/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25375"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1018590"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2931"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-049.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36123"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/39744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/477172/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1018590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2931"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-049.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36123"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-3659
Vulnerability from fkie_nvd - Published: 2005-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | legato_networker | 7.2 | |
| emc | legato_networker | 7.2.1 | |
| emc | legato_networker | 7.2_build172 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2D787A-DCA0-45CE-A5C3-41850970B468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA00514-6EFF-4BE4-A49E-30C4FF42998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2_build172:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0DFF6E-6234-4C04-AD61-BDB52CFFF7EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference."
}
],
"id": "CVE-2005-3659",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18495"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18615"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015500"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015545"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16275"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24173"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-3658
Vulnerability from fkie_nvd - Published: 2005-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | legato_networker | 7.1.1 | |
| emc | legato_networker | 7.1.2 | |
| emc | legato_networker | 7.1.3 | |
| emc | legato_networker | 7.2 | |
| emc | legato_networker | 7.2.1 | |
| emc | legato_networker | 7.2_build172 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "66B0FBAD-32E2-44D1-8612-855C7A0AF1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "93BF6BD6-FD86-46F8-908E-39CF2AB1929B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CEEC9807-47E2-4915-91E7-96AA21FFFCD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2D787A-DCA0-45CE-A5C3-41850970B468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FA00514-6EFF-4BE4-A49E-30C4FF42998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2_build172:*:*:*:*:*:*:*",
"matchCriteriaId": "7E0DFF6E-6234-4C04-AD61-BDB52CFFF7EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe)."
}
],
"id": "CVE-2005-3658",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18495"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18615"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015500"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015545"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=373"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=374"
},
{
"source": "cve@mitre.org",
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16275"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24174"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1015545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=373"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=374"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24175"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-0358
Vulnerability from fkie_nvd - Published: 2005-08-23 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | legato_networker | 4.2.2 | |
| emc | legato_networker | 6.0 | |
| emc | legato_networker | 6.1 | |
| emc | legato_networker | 7.2 | |
| emc | legato_networker | 7.13 | |
| sun | solstice_backup | 6.0 | |
| sun | solstice_backup | 6.1 | |
| sun | storedge_enterprise_backup_software | 7.0 | |
| sun | storedge_enterprise_backup_software | 7.1 | |
| sun | storedge_enterprise_backup_software | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:legato_networker:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0FC6877-29D3-49D7-AA40-CB860E5EA51C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BCC27A1-A233-4999-AEA8-C096079A717F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70CC4877-2701-4AA1-B6CC-44FE6551D5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2D787A-DCA0-45CE-A5C3-41850970B468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "31C10A84-B508-4439-A0CD-F55EBB330077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:solstice_backup:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36599E72-B2A7-4D75-BD8D-CB7B7425BE06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:solstice_backup:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC13C5F-002B-4992-964D-035CCFE0A8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:storedge_enterprise_backup_software:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E6EB61-BE16-4575-9EFA-0FAC1C14490E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:storedge_enterprise_backup_software:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53247CF9-5E51-48AE-93D2-05CA93CC162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:storedge_enterprise_backup_software:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACB16BC-73BE-4071-9BCF-F5FFD3A196E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token."
}
],
"id": "CVE-2005-0358",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-23T04:00:00.000",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16464"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16470"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/407641"
},
{
"source": "cret@cert.org",
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm"
},
{
"source": "cret@cert.org",
"url": "http://www.osvdb.org/18801"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/407641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/18801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21892"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-0357
Vulnerability from fkie_nvd - Published: 2005-08-23 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | legato_networker | 4.2.2 | |
| emc | legato_networker | 6.0 | |
| emc | legato_networker | 6.1 | |
| emc | legato_networker | 7.2 | |
| emc | legato_networker | 7.13 | |
| sun | solstice_backup | 6.0 | |
| sun | solstice_backup | 6.1 | |
| sun | storedge_enterprise_backup_software | 7.0 | |
| sun | storedge_enterprise_backup_software | 7.1 | |
| sun | storedge_enterprise_backup_software | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:legato_networker:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0FC6877-29D3-49D7-AA40-CB860E5EA51C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BCC27A1-A233-4999-AEA8-C096079A717F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70CC4877-2701-4AA1-B6CC-44FE6551D5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2D787A-DCA0-45CE-A5C3-41850970B468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "31C10A84-B508-4439-A0CD-F55EBB330077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:solstice_backup:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36599E72-B2A7-4D75-BD8D-CB7B7425BE06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:solstice_backup:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC13C5F-002B-4992-964D-035CCFE0A8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:storedge_enterprise_backup_software:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E6EB61-BE16-4575-9EFA-0FAC1C14490E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:storedge_enterprise_backup_software:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53247CF9-5E51-48AE-93D2-05CA93CC162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:storedge_enterprise_backup_software:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACB16BC-73BE-4071-9BCF-F5FFD3A196E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID."
}
],
"id": "CVE-2005-0357",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-23T04:00:00.000",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16464"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16470"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/606857"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm"
},
{
"source": "cret@cert.org",
"url": "http://www.osvdb.org/18800"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/606857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/18800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21887"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-0359
Vulnerability from fkie_nvd - Published: 2005-08-23 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| emc | legato_networker | 4.2.2 | |
| emc | legato_networker | 6.0 | |
| emc | legato_networker | 6.1 | |
| emc | legato_networker | 7.2 | |
| emc | legato_networker | 7.13 | |
| sun | solstice_backup | 6.0 | |
| sun | solstice_backup | 6.1 | |
| sun | storedge_enterprise_backup_software | 7.0 | |
| sun | storedge_enterprise_backup_software | 7.1 | |
| sun | storedge_enterprise_backup_software | 7.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:emc:legato_networker:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0FC6877-29D3-49D7-AA40-CB860E5EA51C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BCC27A1-A233-4999-AEA8-C096079A717F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70CC4877-2701-4AA1-B6CC-44FE6551D5AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C2D787A-DCA0-45CE-A5C3-41850970B468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emc:legato_networker:7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "31C10A84-B508-4439-A0CD-F55EBB330077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:solstice_backup:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36599E72-B2A7-4D75-BD8D-CB7B7425BE06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:solstice_backup:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC13C5F-002B-4992-964D-035CCFE0A8B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:storedge_enterprise_backup_software:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E6EB61-BE16-4575-9EFA-0FAC1C14490E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:storedge_enterprise_backup_software:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53247CF9-5E51-48AE-93D2-05CA93CC162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:storedge_enterprise_backup_software:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6ACB16BC-73BE-4071-9BCF-F5FFD3A196E8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service."
}
],
"id": "CVE-2005-0359",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-23T04:00:00.000",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16464"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16470"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/801089"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm"
},
{
"source": "cret@cert.org",
"url": "http://www.osvdb.org/18802"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/801089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/18802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21893"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2009-2754 (GCVE-0-2009-2754)
Vulnerability from cvelistv5 – Published: 2010-03-05 16:00 – Updated: 2024-08-07 05:59
VLAI?
Summary
Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:57.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38731"
},
{
"name": "20100301 ZDI-10-023: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/509793/100/0/threaded"
},
{
"name": "ADV-2010-0508",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0508"
},
{
"name": "IC55329",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
},
{
"name": "IC55330",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-023"
},
{
"name": "ibm-ids-portmap-bo(56586)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56586"
},
{
"name": "ADV-2010-0509",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0509"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834"
},
{
"name": "38472",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38472"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38731"
},
{
"name": "20100301 ZDI-10-023: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/509793/100/0/threaded"
},
{
"name": "ADV-2010-0508",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0508"
},
{
"name": "IC55329",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
},
{
"name": "IC55330",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-023"
},
{
"name": "ibm-ids-portmap-bo(56586)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56586"
},
{
"name": "ADV-2010-0509",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0509"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834"
},
{
"name": "38472",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38472"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38731",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38731"
},
{
"name": "20100301 ZDI-10-023: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509793/100/0/threaded"
},
{
"name": "ADV-2010-0508",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0508"
},
{
"name": "IC55329",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
},
{
"name": "IC55330",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-023",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-023"
},
{
"name": "ibm-ids-portmap-bo(56586)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56586"
},
{
"name": "ADV-2010-0509",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0509"
},
{
"name": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834",
"refsource": "CONFIRM",
"url": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834"
},
{
"name": "38472",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38472"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2754",
"datePublished": "2010-03-05T16:00:00",
"dateReserved": "2009-08-12T00:00:00",
"dateUpdated": "2024-08-07T05:59:57.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3618 (GCVE-0-2007-3618)
Vulnerability from cvelistv5 – Published: 2007-08-21 21:00 – Updated: 2024-08-07 14:21
VLAI?
Summary
Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a "long invalid subcmd."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3043",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3043"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-049.html"
},
{
"name": "ADV-2007-2931",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2931"
},
{
"name": "20070820 ZDI-07-049: EMC Legato Networker Remote Exec Service Stack Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477172/100/0/threaded"
},
{
"name": "26517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26517"
},
{
"name": "25375",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25375"
},
{
"name": "networker-nsrexecd-bo(36123)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36123"
},
{
"name": "39744",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39744"
},
{
"name": "1018590",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018590"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a \"long invalid subcmd.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3043",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3043"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-049.html"
},
{
"name": "ADV-2007-2931",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2931"
},
{
"name": "20070820 ZDI-07-049: EMC Legato Networker Remote Exec Service Stack Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477172/100/0/threaded"
},
{
"name": "26517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26517"
},
{
"name": "25375",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25375"
},
{
"name": "networker-nsrexecd-bo(36123)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36123"
},
{
"name": "39744",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39744"
},
{
"name": "1018590",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018590"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a \"long invalid subcmd.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3043",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3043"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-049.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-049.html"
},
{
"name": "ADV-2007-2931",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2931"
},
{
"name": "20070820 ZDI-07-049: EMC Legato Networker Remote Exec Service Stack Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477172/100/0/threaded"
},
{
"name": "26517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26517"
},
{
"name": "25375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25375"
},
{
"name": "networker-nsrexecd-bo(36123)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36123"
},
{
"name": "39744",
"refsource": "OSVDB",
"url": "http://osvdb.org/39744"
},
{
"name": "1018590",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018590"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3618",
"datePublished": "2007-08-21T21:00:00",
"dateReserved": "2007-07-06T00:00:00",
"dateUpdated": "2024-08-07T14:21:36.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3658 (GCVE-0-2005-3658)
Vulnerability from cvelistv5 – Published: 2006-01-18 02:00 – Updated: 2024-08-07 23:17
VLAI?
Summary
Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015545"
},
{
"name": "18615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18615"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"name": "20060117 EMC Legato Networker nsrd.exe Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=373"
},
{
"name": "20060117 EMC Legato Networker nsrexecd.exe Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=374"
},
{
"name": "legato-nsrd-bo(24175)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24175"
},
{
"name": "ADV-2006-0343",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"name": "legato-nsrexecd-bo(24174)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24174"
},
{
"name": "18495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18495"
},
{
"name": "1015500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015500"
},
{
"name": "16275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16275"
},
{
"name": "ADV-2006-0233",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"name": "102148",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015545"
},
{
"name": "18615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18615"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"name": "20060117 EMC Legato Networker nsrd.exe Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=373"
},
{
"name": "20060117 EMC Legato Networker nsrexecd.exe Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=374"
},
{
"name": "legato-nsrd-bo(24175)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24175"
},
{
"name": "ADV-2006-0343",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"name": "legato-nsrexecd-bo(24174)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24174"
},
{
"name": "18495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18495"
},
{
"name": "1015500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015500"
},
{
"name": "16275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16275"
},
{
"name": "ADV-2006-0233",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"name": "102148",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015545",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015545"
},
{
"name": "18615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18615"
},
{
"name": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm",
"refsource": "CONFIRM",
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"name": "20060117 EMC Legato Networker nsrd.exe Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=373"
},
{
"name": "20060117 EMC Legato Networker nsrexecd.exe Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=374"
},
{
"name": "legato-nsrd-bo(24175)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24175"
},
{
"name": "ADV-2006-0343",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"name": "legato-nsrexecd-bo(24174)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24174"
},
{
"name": "18495",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18495"
},
{
"name": "1015500",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015500"
},
{
"name": "16275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16275"
},
{
"name": "ADV-2006-0233",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"name": "102148",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"name": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT",
"refsource": "CONFIRM",
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3658",
"datePublished": "2006-01-18T02:00:00",
"dateReserved": "2005-11-18T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3659 (GCVE-0-2005-3659)
Vulnerability from cvelistv5 – Published: 2006-01-18 02:00 – Updated: 2024-08-07 23:17
VLAI?
Summary
nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015545"
},
{
"name": "18615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18615"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"name": "20060117 EMC Legato Networker nsrd.exe DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375"
},
{
"name": "ADV-2006-0343",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"name": "18495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18495"
},
{
"name": "1015500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015500"
},
{
"name": "16275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16275"
},
{
"name": "ADV-2006-0233",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"name": "legato-nsrd-dos(24173)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24173"
},
{
"name": "102148",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015545"
},
{
"name": "18615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18615"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"name": "20060117 EMC Legato Networker nsrd.exe DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375"
},
{
"name": "ADV-2006-0343",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"name": "18495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18495"
},
{
"name": "1015500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015500"
},
{
"name": "16275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16275"
},
{
"name": "ADV-2006-0233",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"name": "legato-nsrd-dos(24173)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24173"
},
{
"name": "102148",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015545",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015545"
},
{
"name": "18615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18615"
},
{
"name": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm",
"refsource": "CONFIRM",
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"name": "20060117 EMC Legato Networker nsrd.exe DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375"
},
{
"name": "ADV-2006-0343",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"name": "18495",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18495"
},
{
"name": "1015500",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015500"
},
{
"name": "16275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16275"
},
{
"name": "ADV-2006-0233",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"name": "legato-nsrd-dos(24173)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24173"
},
{
"name": "102148",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"name": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT",
"refsource": "CONFIRM",
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3659",
"datePublished": "2006-01-18T02:00:00",
"dateReserved": "2005-11-18T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0358 (GCVE-0-2005-0358)
Vulnerability from cvelistv5 – Published: 2005-08-20 04:00 – Updated: 2024-08-07 21:13
VLAI?
Summary
EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:53.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#407641",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/407641"
},
{
"name": "16470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16464"
},
{
"name": "1014713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm"
},
{
"name": "14582",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"name": "legato-token-gain-privileges(21892)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21892"
},
{
"name": "101886",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"name": "18801",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/18801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#407641",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/407641"
},
{
"name": "16470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16464"
},
{
"name": "1014713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm"
},
{
"name": "14582",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"name": "legato-token-gain-privileges(21892)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21892"
},
{
"name": "101886",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"name": "18801",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/18801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2005-0358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#407641",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/407641"
},
{
"name": "16470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16464"
},
{
"name": "1014713",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm",
"refsource": "CONFIRM",
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm"
},
{
"name": "14582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14582"
},
{
"name": "legato-token-gain-privileges(21892)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21892"
},
{
"name": "101886",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"name": "18801",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2005-0358",
"datePublished": "2005-08-20T04:00:00",
"dateReserved": "2005-02-11T00:00:00",
"dateUpdated": "2024-08-07T21:13:53.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0357 (GCVE-0-2005-0357)
Vulnerability from cvelistv5 – Published: 2005-08-20 04:00 – Updated: 2024-08-07 21:13
VLAI?
Summary
EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:53.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16464"
},
{
"name": "18800",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/18800"
},
{
"name": "1014713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "14582",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm"
},
{
"name": "101886",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"name": "legato-authunix-bypass-authentication(21887)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21887"
},
{
"name": "VU#606857",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/606857"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "16470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16464"
},
{
"name": "18800",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/18800"
},
{
"name": "1014713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "14582",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm"
},
{
"name": "101886",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"name": "legato-authunix-bypass-authentication(21887)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21887"
},
{
"name": "VU#606857",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/606857"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2005-0357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16464"
},
{
"name": "18800",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18800"
},
{
"name": "1014713",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "14582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14582"
},
{
"name": "http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm",
"refsource": "CONFIRM",
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm"
},
{
"name": "101886",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"name": "legato-authunix-bypass-authentication(21887)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21887"
},
{
"name": "VU#606857",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/606857"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2005-0357",
"datePublished": "2005-08-20T04:00:00",
"dateReserved": "2005-02-11T00:00:00",
"dateUpdated": "2024-08-07T21:13:53.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0359 (GCVE-0-2005-0359)
Vulnerability from cvelistv5 – Published: 2005-08-20 04:00 – Updated: 2024-08-07 21:13
VLAI?
Summary
The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:53.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#801089",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/801089"
},
{
"name": "legato-portmapper-obtain-information(21893)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21893"
},
{
"name": "16470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16464"
},
{
"name": "1014713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "14582",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm"
},
{
"name": "18802",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/18802"
},
{
"name": "101886",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#801089",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/801089"
},
{
"name": "legato-portmapper-obtain-information(21893)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21893"
},
{
"name": "16470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16464"
},
{
"name": "1014713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "14582",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm"
},
{
"name": "18802",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/18802"
},
{
"name": "101886",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2005-0359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#801089",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/801089"
},
{
"name": "legato-portmapper-obtain-information(21893)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21893"
},
{
"name": "16470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16464"
},
{
"name": "1014713",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "14582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14582"
},
{
"name": "http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm",
"refsource": "CONFIRM",
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm"
},
{
"name": "18802",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18802"
},
{
"name": "101886",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2005-0359",
"datePublished": "2005-08-20T04:00:00",
"dateReserved": "2005-02-11T00:00:00",
"dateUpdated": "2024-08-07T21:13:53.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2754 (GCVE-0-2009-2754)
Vulnerability from nvd – Published: 2010-03-05 16:00 – Updated: 2024-08-07 05:59
VLAI?
Summary
Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:57.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38731"
},
{
"name": "20100301 ZDI-10-023: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/509793/100/0/threaded"
},
{
"name": "ADV-2010-0508",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0508"
},
{
"name": "IC55329",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
},
{
"name": "IC55330",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-023"
},
{
"name": "ibm-ids-portmap-bo(56586)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56586"
},
{
"name": "ADV-2010-0509",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0509"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834"
},
{
"name": "38472",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38472"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38731",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38731"
},
{
"name": "20100301 ZDI-10-023: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/509793/100/0/threaded"
},
{
"name": "ADV-2010-0508",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0508"
},
{
"name": "IC55329",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
},
{
"name": "IC55330",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-023"
},
{
"name": "ibm-ids-portmap-bo(56586)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56586"
},
{
"name": "ADV-2010-0509",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0509"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834"
},
{
"name": "38472",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38472"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38731",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38731"
},
{
"name": "20100301 ZDI-10-023: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509793/100/0/threaded"
},
{
"name": "ADV-2010-0508",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0508"
},
{
"name": "IC55329",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
},
{
"name": "IC55330",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-023",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-023"
},
{
"name": "ibm-ids-portmap-bo(56586)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56586"
},
{
"name": "ADV-2010-0509",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0509"
},
{
"name": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834",
"refsource": "CONFIRM",
"url": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834"
},
{
"name": "38472",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38472"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2754",
"datePublished": "2010-03-05T16:00:00",
"dateReserved": "2009-08-12T00:00:00",
"dateUpdated": "2024-08-07T05:59:57.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3618 (GCVE-0-2007-3618)
Vulnerability from nvd – Published: 2007-08-21 21:00 – Updated: 2024-08-07 14:21
VLAI?
Summary
Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a "long invalid subcmd."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:21:36.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3043",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3043"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-049.html"
},
{
"name": "ADV-2007-2931",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2931"
},
{
"name": "20070820 ZDI-07-049: EMC Legato Networker Remote Exec Service Stack Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477172/100/0/threaded"
},
{
"name": "26517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26517"
},
{
"name": "25375",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25375"
},
{
"name": "networker-nsrexecd-bo(36123)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36123"
},
{
"name": "39744",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39744"
},
{
"name": "1018590",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018590"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a \"long invalid subcmd.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3043",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3043"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-049.html"
},
{
"name": "ADV-2007-2931",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2931"
},
{
"name": "20070820 ZDI-07-049: EMC Legato Networker Remote Exec Service Stack Overflow Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477172/100/0/threaded"
},
{
"name": "26517",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26517"
},
{
"name": "25375",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25375"
},
{
"name": "networker-nsrexecd-bo(36123)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36123"
},
{
"name": "39744",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39744"
},
{
"name": "1018590",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018590"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a \"long invalid subcmd.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3043",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3043"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-049.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-049.html"
},
{
"name": "ADV-2007-2931",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2931"
},
{
"name": "20070820 ZDI-07-049: EMC Legato Networker Remote Exec Service Stack Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477172/100/0/threaded"
},
{
"name": "26517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26517"
},
{
"name": "25375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25375"
},
{
"name": "networker-nsrexecd-bo(36123)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36123"
},
{
"name": "39744",
"refsource": "OSVDB",
"url": "http://osvdb.org/39744"
},
{
"name": "1018590",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018590"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3618",
"datePublished": "2007-08-21T21:00:00",
"dateReserved": "2007-07-06T00:00:00",
"dateUpdated": "2024-08-07T14:21:36.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3658 (GCVE-0-2005-3658)
Vulnerability from nvd – Published: 2006-01-18 02:00 – Updated: 2024-08-07 23:17
VLAI?
Summary
Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015545"
},
{
"name": "18615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18615"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"name": "20060117 EMC Legato Networker nsrd.exe Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=373"
},
{
"name": "20060117 EMC Legato Networker nsrexecd.exe Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=374"
},
{
"name": "legato-nsrd-bo(24175)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24175"
},
{
"name": "ADV-2006-0343",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"name": "legato-nsrexecd-bo(24174)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24174"
},
{
"name": "18495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18495"
},
{
"name": "1015500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015500"
},
{
"name": "16275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16275"
},
{
"name": "ADV-2006-0233",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"name": "102148",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015545"
},
{
"name": "18615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18615"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"name": "20060117 EMC Legato Networker nsrd.exe Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=373"
},
{
"name": "20060117 EMC Legato Networker nsrexecd.exe Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=374"
},
{
"name": "legato-nsrd-bo(24175)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24175"
},
{
"name": "ADV-2006-0343",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"name": "legato-nsrexecd-bo(24174)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24174"
},
{
"name": "18495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18495"
},
{
"name": "1015500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015500"
},
{
"name": "16275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16275"
},
{
"name": "ADV-2006-0233",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"name": "102148",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015545",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015545"
},
{
"name": "18615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18615"
},
{
"name": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm",
"refsource": "CONFIRM",
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"name": "20060117 EMC Legato Networker nsrd.exe Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=373"
},
{
"name": "20060117 EMC Legato Networker nsrexecd.exe Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=374"
},
{
"name": "legato-nsrd-bo(24175)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24175"
},
{
"name": "ADV-2006-0343",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"name": "legato-nsrexecd-bo(24174)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24174"
},
{
"name": "18495",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18495"
},
{
"name": "1015500",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015500"
},
{
"name": "16275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16275"
},
{
"name": "ADV-2006-0233",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"name": "102148",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"name": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT",
"refsource": "CONFIRM",
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3658",
"datePublished": "2006-01-18T02:00:00",
"dateReserved": "2005-11-18T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3659 (GCVE-0-2005-3659)
Vulnerability from nvd – Published: 2006-01-18 02:00 – Updated: 2024-08-07 23:17
VLAI?
Summary
nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015545"
},
{
"name": "18615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18615"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"name": "20060117 EMC Legato Networker nsrd.exe DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375"
},
{
"name": "ADV-2006-0343",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"name": "18495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18495"
},
{
"name": "1015500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015500"
},
{
"name": "16275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16275"
},
{
"name": "ADV-2006-0233",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"name": "legato-nsrd-dos(24173)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24173"
},
{
"name": "102148",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015545"
},
{
"name": "18615",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18615"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"name": "20060117 EMC Legato Networker nsrd.exe DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375"
},
{
"name": "ADV-2006-0343",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"name": "18495",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18495"
},
{
"name": "1015500",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015500"
},
{
"name": "16275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16275"
},
{
"name": "ADV-2006-0233",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"name": "legato-nsrd-dos(24173)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24173"
},
{
"name": "102148",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015545",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015545"
},
{
"name": "18615",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18615"
},
{
"name": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm",
"refsource": "CONFIRM",
"url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"
},
{
"name": "20060117 EMC Legato Networker nsrd.exe DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375"
},
{
"name": "ADV-2006-0343",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0343"
},
{
"name": "18495",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18495"
},
{
"name": "1015500",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015500"
},
{
"name": "16275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16275"
},
{
"name": "ADV-2006-0233",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0233"
},
{
"name": "legato-nsrd-dos(24173)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24173"
},
{
"name": "102148",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"
},
{
"name": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT",
"refsource": "CONFIRM",
"url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3659",
"datePublished": "2006-01-18T02:00:00",
"dateReserved": "2005-11-18T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0358 (GCVE-0-2005-0358)
Vulnerability from nvd – Published: 2005-08-20 04:00 – Updated: 2024-08-07 21:13
VLAI?
Summary
EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:53.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#407641",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/407641"
},
{
"name": "16470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16464"
},
{
"name": "1014713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm"
},
{
"name": "14582",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"name": "legato-token-gain-privileges(21892)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21892"
},
{
"name": "101886",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"name": "18801",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/18801"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#407641",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/407641"
},
{
"name": "16470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16464"
},
{
"name": "1014713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm"
},
{
"name": "14582",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"name": "legato-token-gain-privileges(21892)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21892"
},
{
"name": "101886",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"name": "18801",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/18801"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2005-0358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#407641",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/407641"
},
{
"name": "16470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16464"
},
{
"name": "1014713",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm",
"refsource": "CONFIRM",
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm"
},
{
"name": "14582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14582"
},
{
"name": "legato-token-gain-privileges(21892)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21892"
},
{
"name": "101886",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"name": "18801",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18801"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2005-0358",
"datePublished": "2005-08-20T04:00:00",
"dateReserved": "2005-02-11T00:00:00",
"dateUpdated": "2024-08-07T21:13:53.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0357 (GCVE-0-2005-0357)
Vulnerability from nvd – Published: 2005-08-20 04:00 – Updated: 2024-08-07 21:13
VLAI?
Summary
EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:53.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16464"
},
{
"name": "18800",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/18800"
},
{
"name": "1014713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "14582",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm"
},
{
"name": "101886",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"name": "legato-authunix-bypass-authentication(21887)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21887"
},
{
"name": "VU#606857",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/606857"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "16470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16464"
},
{
"name": "18800",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/18800"
},
{
"name": "1014713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "14582",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm"
},
{
"name": "101886",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"name": "legato-authunix-bypass-authentication(21887)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21887"
},
{
"name": "VU#606857",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/606857"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2005-0357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16464"
},
{
"name": "18800",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18800"
},
{
"name": "1014713",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "14582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14582"
},
{
"name": "http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm",
"refsource": "CONFIRM",
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm"
},
{
"name": "101886",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"name": "legato-authunix-bypass-authentication(21887)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21887"
},
{
"name": "VU#606857",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/606857"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2005-0357",
"datePublished": "2005-08-20T04:00:00",
"dateReserved": "2005-02-11T00:00:00",
"dateUpdated": "2024-08-07T21:13:53.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0359 (GCVE-0-2005-0359)
Vulnerability from nvd – Published: 2005-08-20 04:00 – Updated: 2024-08-07 21:13
VLAI?
Summary
The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:53.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#801089",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/801089"
},
{
"name": "legato-portmapper-obtain-information(21893)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21893"
},
{
"name": "16470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16464"
},
{
"name": "1014713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "14582",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm"
},
{
"name": "18802",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/18802"
},
{
"name": "101886",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#801089",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/801089"
},
{
"name": "legato-portmapper-obtain-information(21893)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21893"
},
{
"name": "16470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16464"
},
{
"name": "1014713",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "14582",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14582"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm"
},
{
"name": "18802",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/18802"
},
{
"name": "101886",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2005-0359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#801089",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/801089"
},
{
"name": "legato-portmapper-obtain-information(21893)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21893"
},
{
"name": "16470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16464"
},
{
"name": "1014713",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "14582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14582"
},
{
"name": "http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm",
"refsource": "CONFIRM",
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm"
},
{
"name": "18802",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18802"
},
{
"name": "101886",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2005-0359",
"datePublished": "2005-08-20T04:00:00",
"dateReserved": "2005-02-11T00:00:00",
"dateUpdated": "2024-08-07T21:13:53.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}