First published: Sat Aug 20 2005(Updated: )
The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
NetWorker | =4.2.2 | |
NetWorker | =6.0 | |
NetWorker | =6.1 | |
NetWorker | =7.2 | |
NetWorker | =7.13 | |
Sun Solstice Backup | =6.0 | |
Sun Solstice Backup | =6.1 | |
Sun Storedge Enterprise Backup Software | =7.0 | |
Sun Storedge Enterprise Backup Software | =7.1 | |
Sun Storedge Enterprise Backup Software | =7.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2005-0359 has a high severity rating due to the potential for denial of service attacks.
To fix CVE-2005-0359, restrict access to the pmap_set and pmap_unset commands in the affected software.
CVE-2005-0359 affects specific versions of EMC Legato NetWorker and Sun Storedge Enterprise Backup Software.
CVE-2005-0359 can be exploited to execute a denial of service attack against the affected applications.
While CVE-2005-0359 is an older vulnerability, it remains relevant for organizations using the impacted software versions.