EMC NetWorker Weak Authentication Lets Remote Users Gain Root Privileges
|
|
SecurityTracker Alert ID: 1017724 |
|
SecurityTracker URL: http://securitytracker.com/id/1017724
|
|
CVE Reference:
CVE-2006-3892
(Links to External Site)
|
Date: Mar 5 2007
|
Impact:
Execution of arbitrary code via network, Root access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 7.3.2
|
Description:
A vulnerability was reported in EMC NetWorker. A remote user can execute arbitrary commands on the target system.
A remote user can impersonate the NetWorker Management Console to connect to the target system and execute arbitrary commands with root level privileges.
US-CERT credits the National Oceanic and Atmospheric Administration (NOAA) Computer Incident Response Team (N-CIRT) Lab with reporting this vulnerability.
The US-CERT advisory is available at:
http://www.kb.cert.org/vuls/id/498553
|
Impact:
A remote user can execute arbitrary commands on the target system with root level privileges.
|
Solution:
The vendor has issued a fix (7.3.2 Jumbo Update 1, Build 386).
The EMC advisory is available at:
ftp://ftp.legato.com/pub/NetWorker/Updates/732JumboUpdate1/README%20732%20Jumbo%20Update%201.txt
|
Vendor URL: www.emc.com/ (Links to External Site)
|
Cause:
Authentication error
|
Underlying OS:
Linux (Any), UNIX (HP/UX), UNIX (OS X), UNIX (SGI/IRIX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 5 Mar 2007 08:38:43 -0500
Subject: Legato NetWorker EMC NetWorker
|
ftp://ftp.legato.com/pub/NetWorker/Updates/732JumboUpdate1/README%20732%20Jumbo%20Update%201.txt
> This package enhances NetWorker 7.3.2, resolving a security vulnerability ...
Ref:
http://www.kb.cert.org/vuls/id/498553
CVE-2006-3892
|
|
