PT-2005-1433 · Sun+1 · Sun Solstice Backup+2

Published

2005-08-20

Updated

2017-07-11

CVE-2005-0357

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions EMC Legato NetWorker (affected versions not specified) Sun Solstice Backup versions 6.0 through 6.1 StorEdge Enterprise Backup versions 7.0 through 7.2

Description The issue allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID, as the affected software relies on AUTH UNIX authentication, which uses user ID for authentication.

Recommendations For Sun Solstice Backup versions 6.0 through 6.1, consider disabling the use of AUTH UNIX authentication until a fix is available. For StorEdge Enterprise Backup versions 7.0 through 7.2, restrict access to the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability in EMC Legato NetWorker.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-0357

Affected Products

Emc Legato Networker

Storedge Enterprise Backup

Sun Solstice Backup

PT-2005-1433 · Sun+1 · Sun Solstice Backup+2

CVE-2005-0357

Related Identifiers

Affected Products

References · 10