CVE-2005-0359

3 documents3 sources

Severity

6.4MEDIUM

EPSS

10.2%

top 6.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

EMC Legato Networker SUN Solstice Backup SUN Storedge Enterprise Backup Software

Timeline

PublishedAug 23

Latest updateMay 1

Description

The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service.

CVSS vector

AV:N/AC:L/C:P/I:N/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages3 packages

▶NVDemc/legato_networker5 versions+4

▶NVDsun/storedge_enterprise_backup_software7.0, 7.1, 7.2+2

▶NVDsun/solstice_backup6.0, 6.1+1

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-55ww-f6rg-mqhm: The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6↗2022-05-01

▶

CVEList

CVE-2005-0359: The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6↗2005-08-20

▶