Korean

<< Back VID 23140 Severity 40 Port 7938 Protocol TCP Class Daemon Detailed Description A Backup software is running on the host and seems to be vulnerable to multiple vulnerabilities. The software is one of EMC Legato Networker, Sun StorEdge Enterprise Backup Software, or Sun Solstice Backup Software. These are a backup and recovery server program for Unix and Windows operating systems. EMC Legato Networker versions 6.0.x, 7.2, 7.1.3, and Sun StorEdge Enterprise Backup Software versions 7.2, 7.1, 7.0, and Solstice Backup Software versions 6.0 and 6.1 are vulnerable to multiple denial of service, privilege escalation, unauthorized access and arbitrary command execution vulnerabilities. * References: http://www.legato.com/support/websupport/product_alerts/081605_NW-7x.htm http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1 http://www.ciac.org/ciac/bulletins/p-281.shtml http://secunia.com/advisories/16464/ http://www.securitytracker.com/alerts/2005/Aug/1014713.html http://www.kb.cert.org/vuls/id/407641 http://www.kb.cert.org/vuls/id/606857 http://www.kb.cert.org/vuls/id/801089 * Platforms Affected: EMC Legato Networker 6.0.x, 7.2, 7.1.3 Sun Microsystems, Solstice Backup 6.0 Sun Microsystems, Solstice Backup 6.1 Sun Microsystems, Sun StorEdge Enterprise Backup Software 7.0 Sun Microsystems, Sun StorEdge Enterprise Backup Software 7.1 Sun Microsystems, Sun StorEdge Enterprise Backup Software 7.2 Any operating system Any version Recommendation For EMC Legato NetWorker: Apply the appropriate hotfix as listed in the Legato Technical Product Alert August 16, 2005 at http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm For Sun StorEdge Enterprise and Solstice Backup Softwares: Apply the appropriate hotfix as listed in the Sun Alert Notification 101886 at http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1 Related URL CVE-2005-0357,CVE-2005-0358,CVE-2005-0359 (CVE) Related URL 14582 (SecurityFocus) Related URL 21887,21892,21893 (ISS)