The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 up to and including 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote malicious users to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
emc legato networker 6.1 |
||
emc legato networker 7.13 |
||
sun solstice backup 6.1 |
||
sun storedge enterprise backup software 7.0 |
||
emc legato networker 4.2.2 |
||
emc legato networker 6.0 |
||
sun storedge enterprise backup software 7.1 |
||
sun storedge enterprise backup software 7.2 |
||
emc legato networker 7.2 |
||
sun solstice backup 6.0 |