Vulnerabilities > CVE-2005-0357 - Multiple vulnerabilities in EMC Legato Networker

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
emc
sun
nessus

Summary

EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which identifies the caller only by the user ID that the client itself supplies. This allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID.

Nessus

  • NASL familyMisc.
    NASL idLEGATO_MULTIPLE.NASL
    descriptionThe remote host is running one of the following products : - Legato Networker - Sun StorEdge Enterprise Backup Software - Sun Solstice Backup Software - Informix Storage Manager The installed version of this software is vulnerable to denial of service, unauthorized access and remote command execution attacks.
    last seen2020-06-01
    modified2020-06-02
    plugin id19558
    published2005-09-03
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19558
    titleEMC Legato Networker Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    # Registration block: when the plugin is loaded with `description` set, only
    # the metadata below is recorded and the script exits at the end of the block
    # without opening any connection.
    if(description)
    {
     script_id(19558);
     script_version("1.21");
     script_cvs_date("Date: 2018/07/12 19:01:16");
    
     # All three CVE ids are attached to a single result. The check that follows
     # this block only exercises portmapper SET/UNSET with a null credential, so
     # a positive result is direct evidence for that behaviour alone; the other
     # listed issues are not tested individually.
     script_cve_id("CVE-2005-0357", "CVE-2005-0358", "CVE-2005-0359");
     script_bugtraq_id(14582);
    
     script_name(english:"EMC Legato Networker Multiple Vulnerabilities");
     
     script_set_attribute(attribute:"synopsis", value:
    "Arbitrary code can be executed on the remote host." );
     script_set_attribute(attribute:"description", value:
    "The remote host is running one of the following products :
    
     - Legato Networker
     - Sun StorEdge Enterprise Backup Software
     - Sun Solstice Backup Software
     - Informix Storage Manager
    
    The installed version of this software is vulnerable to denial of
    service, unauthorized access and remote command execution attacks." );
     # http://web.archive.org/web/20060318052452/http://www.legato.com/support/websupport/product_alerts/081605_NW-7x.htm
     script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f5513702");
     # http://web.archive.org/web/20080509045538/http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1
     script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8c234b0c");
     script_set_attribute(attribute:"solution", value:
    "If using Legato Networker, upgrade as necessary to NetWorker 7.1.3
    and 7.2 and apply the vendor's patch. 
    
    Otherwise, apply the appropriate fix as described in Sun's advisory 
    above.");
     # The base vector claims complete confidentiality, integrity and availability
     # impact with no authentication. It is set once for the plugin, i.e. for all
     # three CVE ids together, not per CVE.
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2005/09/03");
     script_set_attribute(attribute:"vuln_publication_date", value: "2005/08/16");
     # "remote": the result comes from a network probe, not from host patch data.
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_set_attribute(attribute:"cpe", value:"cpe:/a:emc:legato_networker");
     script_set_attribute(attribute:"cpe", value:"cpe:/a:sun:solstice_backup");
     script_set_attribute(attribute:"cpe", value:"cpe:/a:sun:storedge_enterprise_backup_software");
     script_end_attributes();
    
     script_summary(english:"Determines if Legato Networker is vulnerable");
     # ACT_ATTACK rather than ACT_GATHER_INFO: the check after this block changes
     # state on the target (it registers, then unregisters, a portmapper mapping).
     script_category(ACT_ATTACK);
     script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
     script_family(english:"Misc.");
     # Requires the LegatoNetworker/installed KB key, presumably set by
     # legato_detect.nasl (that script is not shown here; confirm).
     script_dependencies ("legato_detect.nasl");
     script_require_keys ("LegatoNetworker/installed");
     # 7938/tcp is the only port the check connects to.
     script_require_ports(7938);
     exit(0);
    }
    
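    # Run only where the product has already been identified on this host.
    if (! get_kb_item("LegatoNetworker/installed") )
      exit (0);
    
    # Skip when scanning the local machine; the finding is about what a
    # non-local client is allowed to do.
    if (islocalhost())
      exit (0);
    
    # Sends one ONC RPC call to the portmapper program (100000, version 2) on an
    # open socket and returns the 4-byte boolean result as 8 hex digits.
    #
    #   sock    : connected TCP socket
    #   proc    : portmapper procedure number (1 = SET, 2 = UNSET)
    #   port_hi : high byte of the port placed in the mapping
    #   port_lo : low byte of the port placed in the mapping
    #
    # Returns NULL when the reply is not a 32-byte, accepted, successful answer
    # to this exact call, so an unrelated or error reply can never be read as
    # "true".
    function legato_pmap_call(sock, proc, port_hi, port_lo)
    {
      local_var xid, pack, r;
    
      # Fresh random transaction id per call, kept so the reply can be matched.
      xid = raw_string(rand() % 256, rand() % 256, rand() % 256, rand() % 256);
    
      pack =
        raw_string(0x80, 0, 0, 0x38) +	# Record mark: last fragment, 0x38 = 56 bytes follow
        xid +				# XID
        raw_string(
    		0, 0, 0, 0,		# Message type = CALL
    		0, 0, 0, 2,		# RPC version = 2
    		0, 1, 0x86, 0xA0,	# Program = portmapper (0x000186A0 = 100000)
    		0, 0, 0, 2,		# Program version = 2
    		0, 0, 0, proc,		# Procedure (1 = SET, 2 = UNSET)
    		0, 0, 0, 0, 0, 0, 0, 0,	# Null credential: the call carries no identity at all
    		0, 0, 0, 0, 0, 0, 0, 0,	# Null verifier
    		0, 0x54, 0x4E, 0x53,	# Mapping: program 0x00544E53 (low bytes are ASCII "TNS"), a scanner marker
    		0, 0, 0, 1,		# Mapping: version = 1
    		0, 0, 0, 6,		# Mapping: protocol = TCP
    		0, 0, port_hi, port_lo	# Mapping: port
    	);
    
      send(socket: sock, data: pack);
      r = recv(socket: sock, length: 32);
    
      # 4-byte record mark + 28-byte reply body; first byte carries the
      # last-fragment flag.
      if ((strlen(r) != 32) || (ord(r[0]) != 0x80))
        return NULL;
    
      # The reply must echo the XID of the call it answers.
      if (substr(r, 4, 7) != xid)
        return NULL;
    
      # Bytes 8-27: message type REPLY (1), reply status MSG_ACCEPTED (0),
      # null verifier (flavor 0, length 0), accept status SUCCESS (0).
      if (hexstr(substr(r, 8, 27)) != "00000001" + "00000000" + "00000000" + "00000000" + "00000000")
        return NULL;
    
      # Bytes 28-31: the procedure's boolean result.
      return hexstr(substr(r, 28, 31));
    }
    
    
    port = 7938;
    soc = open_sock_tcp (port);
    if (!soc) exit(0);
    
    # Random port for the throwaway mapping; nothing listens on it.
    rpc_port1 = rand() % 256;
    rpc_port2 = rand() % 256;
    
    # Step 1: ask the service to register the marker mapping. An exact TRUE
    # (00000001) means it accepted a registration from a remote caller that
    # presented no credential. The comparison is on the whole 4-byte value; a
    # substring match on "0000001" would also accept values such as 0x00000010.
    reply = legato_pmap_call(sock: soc, proc: 1, port_hi: rpc_port1, port_lo: rpc_port2);
    if (isnull(reply) || reply != "00000001")
    {
      close(soc);
      exit (0);
    }
    
    # Step 2: remove the marker mapping again. This is both the second half of
    # the test and the clean-up of the state created in step 1.
    # NOTE(review): if this call is lost or refused, the marker mapping stays
    # registered on the target; operators may want to check for program
    # 0x00544E53 in the service's RPC map after an interrupted scan.
    reply = legato_pmap_call(sock: soc, proc: 2, port_hi: rpc_port1, port_lo: rpc_port2);
    close(soc);
    
    # Both SET and UNSET were honoured without authentication: report.
    if (!isnull(reply) && reply == "00000001")
      security_hole(port);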
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_120649.NASL
    descriptionSun StorEdge EBS 7.1L: Product Patch. Date this patch was last updated by Sun : Aug/16/05
    last seen2020-06-01
    modified2020-06-02
    plugin id36504
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36504
    titleSolaris 9 (sparc) : 120649-01
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    # Registration block: when the plugin is loaded with `description` set, only
    # the metadata below is recorded and the script exits at the end of the block.
    if (description)
    {
      script_id(36504);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:23");
    
      # The three CVE ids are attached to the patch as a whole. The check after
      # this block tests patch presence only, so it cannot say which of them a
      # given host is actually exposed to.
      script_cve_id("CVE-2005-0357", "CVE-2005-0358", "CVE-2005-0359");
    
      script_name(english:"Solaris 9 (sparc) : 120649-01");
      script_summary(english:"Check for patch 120649-01");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 120649-01"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Sun StorEdge EBS 7.1L: Product Patch.
    Date this patch was last updated by Sun : Aug/16/05"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/120649-01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      # Network vector, no authentication, partial C/I/A impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # "local": the result is derived from patch data collected on the host,
      # not from probing the backup service over the network.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/08/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      # Runs only with local checks enabled and the Host/Solaris/showrev KB key
      # present; both are presumably populated by ssh_get_info.nasl (not shown
      # here; confirm). Without credentials this plugin produces no result.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    # Authenticated patch audit: stop unless local checks are enabled for the host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Each package covered by patch 120649-01 is tested with the same release,
    # arch, patch, obsoleted_by and version arguments; only the package name
    # varies. A negative return from solaris_check_patch() flags the host.
    foreach ebs_pkg (make_list("SUNWebsc", "SUNWebsn", "SUNWebss", "SUNWebsd", "SUNWebsm"))
    {
      if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"120649-01", obsoleted_by:"116828-04 ", package:ebs_pkg, version:"7.1,REV=391") < 0)
        flag++;
    }
    
    if (flag)
    {
      # Attach the accumulated patch report only when report verbosity asks for it.
      if (report_verbosity > 0)
        security_hole(port:0, extra:solaris_get_report());
      else
        security_hole(0);
      exit(0);
    }
    # Nothing was flagged: audit the host as not affected.
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS7_120649.NASL
    descriptionSun StorEdge EBS 7.1L: Product Patch. Date this patch was last updated by Sun : Aug/16/05
    last seen2020-06-01
    modified2020-06-02
    plugin id37992
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37992
    titleSolaris 7 (sparc) : 120649-01
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    # Registration block: when the plugin is loaded with `description` set, only
    # the metadata below is recorded and the script exits at the end of the block.
    if (description)
    {
      script_id(37992);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:22");
    
      # The three CVE ids are attached to the patch as a whole. The check after
      # this block tests patch presence only, so it cannot say which of them a
      # given host is actually exposed to.
      script_cve_id("CVE-2005-0357", "CVE-2005-0358", "CVE-2005-0359");
    
      script_name(english:"Solaris 7 (sparc) : 120649-01");
      script_summary(english:"Check for patch 120649-01");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 120649-01"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Sun StorEdge EBS 7.1L: Product Patch.
    Date this patch was last updated by Sun : Aug/16/05"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/120649-01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      # Network vector, no authentication, partial C/I/A impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # "local": the result is derived from patch data collected on the host,
      # not from probing the backup service over the network.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/08/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      # Runs only with local checks enabled and the Host/Solaris/showrev KB key
      # present; both are presumably populated by ssh_get_info.nasl (not shown
      # here; confirm). Without credentials this plugin produces no result.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    # Authenticated patch audit: stop unless local checks are enabled for the host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Each package covered by patch 120649-01 is tested with the same release,
    # arch, patch, obsoleted_by and version arguments; only the package name
    # varies. A negative return from solaris_check_patch() flags the host.
    foreach ebs_pkg (make_list("SUNWebsc", "SUNWebsn", "SUNWebss", "SUNWebsd", "SUNWebsm"))
    {
      if (solaris_check_patch(release:"5.7", arch:"sparc", patch:"120649-01", obsoleted_by:"116828-04 ", package:ebs_pkg, version:"7.1,REV=391") < 0)
        flag++;
    }
    
    if (flag)
    {
      # Attach the accumulated patch report only when report verbosity asks for it.
      if (report_verbosity > 0)
        security_hole(port:0, extra:solaris_get_report());
      else
        security_hole(0);
      exit(0);
    }
    # Nothing was flagged: audit the host as not affected.
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS7_119670.NASL
    descriptionSun StorEdge EBS 7.1: Product Patch. Date this patch was last updated by Sun : Aug/16/05
    last seen2020-06-01
    modified2020-06-02
    plugin id23265
    published2006-11-06
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23265
    titleSolaris 7 (sparc) : 119670-01
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    # Registration block: when the plugin is loaded with `description` set, only
    # the metadata below is recorded and the script exits at the end of the block.
    if (description)
    {
      script_id(23265);
      script_version("1.23");
      script_cvs_date("Date: 2019/10/25 13:36:22");
    
      # The three CVE ids are attached to the patch as a whole. The check after
      # this block tests patch presence only, so it cannot say which of them a
      # given host is actually exposed to.
      script_cve_id("CVE-2005-0357", "CVE-2005-0358", "CVE-2005-0359");
    
      script_name(english:"Solaris 7 (sparc) : 119670-01");
      script_summary(english:"Check for patch 119670-01");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 119670-01"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Sun StorEdge EBS 7.1: Product Patch.
    Date this patch was last updated by Sun : Aug/16/05"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/119670-01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"You should install this patch for your system to be up-to-date."
      );
      # Network vector, no authentication, partial C/I/A impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # "local": the result is derived from patch data collected on the host,
      # not from probing the backup service over the network.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/08/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/11/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      # Runs only with local checks enabled and the Host/Solaris/showrev KB key
      # present; both are presumably populated by ssh_get_info.nasl (not shown
      # here; confirm). Without credentials this plugin produces no result.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("solaris.inc");
    
    # Authenticated patch audit: stop unless local checks are enabled for the host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Each package covered by patch 119670-01 is tested with the same release,
    # arch, patch, obsoleted_by and version arguments; only the package name
    # varies. A negative return from solaris_check_patch() flags the host.
    foreach ebs_pkg (make_list("SUNWebss", "SUNWebsd", "SUNWebsc", "SUNWebsm", "SUNWebsn"))
    {
      if (solaris_check_patch(release:"5.7", arch:"sparc", patch:"119670-01", obsoleted_by:"116826-06 ", package:ebs_pkg, version:"7.1,REV=230") < 0)
        flag++;
    }
    
    if (flag)
    {
      # Attach the accumulated patch report only when report verbosity asks for it.
      if (report_verbosity > 0)
        security_hole(port:0, extra:solaris_get_report());
      else
        security_hole(0);
      exit(0);
    }
    # Nothing was flagged: audit the host as not affected.
    audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_119671.NASL
    descriptionSun StorEdge EBS 7.1_x86: Product Patch. Date this patch was last updated by Sun : Aug/16/05
    last seen2020-06-01
    modified2020-06-02
    plugin id36841
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/36841
    titleSolaris 9 (x86) : 119671-01
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_119670.NASL
    descriptionSun StorEdge EBS 7.1: Product Patch. Date this patch was last updated by Sun : Aug/16/05
    last seen2020-06-01
    modified2020-06-02
    plugin id23417
    published2006-11-06
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23417
    titleSolaris 8 (sparc) : 119670-01
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_X86_119671.NASL
    descriptionSun StorEdge EBS 7.1_x86: Product Patch. Date this patch was last updated by Sun : Aug/16/05
    last seen2020-06-01
    modified2020-06-02
    plugin id37670
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37670
    titleSolaris 8 (x86) : 119671-01
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS7_X86_119671.NASL
    descriptionSun StorEdge EBS 7.1_x86: Product Patch. Date this patch was last updated by Sun : Aug/16/05
    last seen2020-06-01
    modified2020-06-02
    plugin id38067
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38067
    titleSolaris 7 (x86) : 119671-01
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_120649.NASL
    descriptionSun StorEdge EBS 7.1L: Product Patch. Date this patch was last updated by Sun : Aug/16/05
    last seen2020-06-01
    modified2020-06-02
    plugin id37733
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37733
    titleSolaris 8 (sparc) : 120649-01
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_119670.NASL
    descriptionSun StorEdge EBS 7.1: Product Patch. Date this patch was last updated by Sun : Aug/16/05
    last seen2020-06-01
    modified2020-06-02
    plugin id23555
    published2006-11-06
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23555
    titleSolaris 9 (sparc) : 119670-01