PT-2005-1435 · Emc+1 · Legato Portmapper+3

Published 2005-08-20 · Updated 2017-07-11 · CVE-2005-0359

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Name of the Vulnerable Software and Affected Versions

EMC Legato NetWorker versions prior to the fixed version
Sun Solstice Backup versions 6.0 through 6.1
StorEdge Enterprise Backup versions 7.0 through 7.2

Description

The Legato PortMapper does not restrict access to the pmap_set and pmap_unset commands. Remote attackers can use this to cause a denial of service or to obtain sensitive information from services: pmap_unset un-registers a service, causing a denial of service, and pmap_set registers a new service, through which sensitive information can be obtained.

Recommendations

For EMC Legato NetWorker, update to a version that includes the fix for this issue.
For Sun Solstice Backup versions 6.0 through 6.1, restrict access to the pmap_set and pmap_unset commands until a patch is available.
For StorEdge Enterprise Backup versions 7.0 through 7.2, consider disabling the Legato PortMapper service as a temporary workaround until a fix is applied.
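While access to the set and unset commands is still unrestricted, captured traffic can be audited for them. The following is an added example, not code from the advisory or the vendor: it assumes the Legato PortMapper speaks the standard ONC RPC portmap version 2 protocol (RFC 1833) over UDP, where pmap_set and pmap_unset are procedures 1 and 2 of program 100000. The trusted-source list, program number 0x20000001 and sample datagrams are constructed.

```python
import ipaddress
import struct

PMAP_PROG = 100000  # ONC RPC portmapper program number (RFC 1833)
PMAP_PROCS = {1: "PMAPPROC_SET", 2: "PMAPPROC_UNSET"}

def parse_pmap_call(payload):
    """Return (proc, prog, vers, proto, port) for a portmap v2 SET/UNSET
    call carried in one UDP payload, or None for anything else."""
    if len(payload) < 24:
        return None
    _xid, mtype, rpcvers, prog, vers, proc = struct.unpack(">6I", payload[:24])
    if (mtype, rpcvers, prog, vers) != (0, 2, PMAP_PROG, 2) or proc not in PMAP_PROCS:
        return None  # not an RPC CALL to portmap v2 SET/UNSET
    off = 24
    for _ in range(2):  # skip the credential, then the verifier
        if len(payload) < off + 8:
            return None
        _flavor, length = struct.unpack(">II", payload[off:off + 8])
        off += 8 + ((length + 3) & ~3)  # opaque body is padded to 4 bytes
    if len(payload) < off + 16:
        return None  # truncated or bogus length field
    return (PMAP_PROCS[proc],) + struct.unpack(">4I", payload[off:off + 16])

def is_untrusted(src_ip, trusted=("127.0.0.0/8", "::1/128")):
    """Assumption: only loopback may register or un-register services."""
    addr = ipaddress.ip_address(src_ip)
    return not any(addr in ipaddress.ip_network(net) for net in trusted)

def audit(datagrams):
    """datagrams: iterable of (src_ip, udp_payload). Returns alert tuples
    (src_ip, proc, prog, vers, proto, port) for SET/UNSET from untrusted hosts."""
    return [(src,) + call for src, payload in datagrams
            if (call := parse_pmap_call(payload)) and is_untrusted(src)]

def sample_call(proc, args):
    """Constructed sample input: RPC call header, AUTH_NONE cred/verf, args."""
    return (struct.pack(">6I", 0x1234, 0, 2, PMAP_PROG, 2, proc)
            + struct.pack(">4I", 0, 0, 0, 0) + struct.pack(">4I", *args))

SAMPLE = [  # constructed datagrams; 192.0.2.0/24 is a documentation range
    ("192.0.2.10", sample_call(2, (0x20000001, 1, 0, 0))),     # remote UNSET
    ("127.0.0.1", sample_call(1, (0x20000001, 1, 17, 7000))),  # local SET
    ("192.0.2.10", sample_call(3, (0x20000001, 1, 17, 0))),    # GETPORT lookup
    ("192.0.2.11", sample_call(1, (0x20000001, 1, 17, 7000))), # remote SET
]

if __name__ == "__main__":
    for alert in audit(SAMPLE):
        print("ALERT", alert)
```

RPC over TCP adds a 4-byte record mark before the call header, which this UDP-only parser does not strip.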

Fix


Related Identifiers

CVE-2005-0359

Affected Products

EMC Legato NetWorker
Legato PortMapper
StorEdge Enterprise Backup
Sun Solstice Backup