----------------------------------------------------------------------

Are you interested in a new job in IT security?

Secunia has two open positions for a Junior and a Senior Specialist in IT Security:

http://secunia.com/secunia_vacancies/

----------------------------------------------------------------------

TITLE:
Legato NetWorker Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA16464

VERIFY ADVISORY:
http://secunia.com/advisories/16464/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, Exposure of system information, Exposure of sensitive
information, DoS

WHERE:
From local network

SOFTWARE:
Legato NetWorker 6.x
http://secunia.com/product/730/
Legato NetWorker 7.x
http://secunia.com/product/2692/

DESCRIPTION:
Three vulnerabilities have been reported in Legato NetWorker, which can
be exploited by malicious people to cause a DoS (Denial of Service),
gain knowledge of sensitive information, or bypass certain security
restrictions.

1) An error in the AUTH_UNIX authentication for the RPC service can be
exploited to bypass the authentication to the nwadmin, nsradmin, and
nsrports components by providing a fake user name, or to the recover
and nsrexecd components by providing a fake UID.

2) An error in the token-based authentication to the database services
can be exploited to gain administrative privileges without being listed
in the administrator list by sending a specially crafted token.

3) The portmapper (lgtomapper) allows calls to pmap_set and pmap_unset,
which can be exploited to register and unregister RPC services, thereby
causing a DoS or potentially eavesdropping on NetWorker process
communication.

SOLUTION:
Apply patches LGTpa74792, LGTpa78968, and LGTpa78969 (for versions
7.1.3 and 7.2).
http://www.legato.com/support/websupport/patches_updates/networker_security_hotfix.htm

Fixes will also be included in the next release of Legato NetWorker.

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
EMC Corporation:
http://www.legato.com/support/websupport/product_alerts/081605_NW-7x.htm

OTHER REFERENCES:
US-CERT VU#407641:
http://www.kb.cert.org/vuls/id/407641

US-CERT VU#606857:
http://www.kb.cert.org/vuls/id/606857

US-CERT VU#801089:
http://www.kb.cert.org/vuls/id/801089

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------