CVE-2002-0113
CVSS 4.6
Published: 2002-03-25 00:00:00
Revised: 2012-03-29 21:14:51

[Original] EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform.


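[CNNVD] Legato NetWorker Insecure Log File Permissions Vulnerability (CNNVD-200203-047)

        Legato NetWorker is a server software package used to share data and media and to run backups across heterogeneous networks. Legato NetWorker runs on a number of UNIX variants and on Windows NT/2000 platforms.
        Legato NetWorker has a design problem that can allow a local attacker to access sensitive information such as user names and passwords.
        nsrd is the daemon that provides Legato storage management; it is also responsible for starting other daemons. The nsrd log files are located in the /nsr/logs/ directory. By default, nsrd creates its log files with world-readable permissions, so anyone can read them. If the administrator tries to relocate or delete the log directory, nsrd recreates it with world-readable permissions the next time it starts. Because the log files store sensitive information about other backed-up systems in plaintext, a local attacker may be able to gain access to those other systems. The vulnerability was found in Legato NetWorker 6.1, but other versions of Legato NetWorker are very likely affected as well.
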

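- CVSS (base score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0113
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0113
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200203-047
(Official data source) CNNVD

- Other links and resources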

http://www.securityfocus.com/bid/3840
(UNKNOWN)  BID  3840
http://www.iss.net/security_center/static/7897.php
(VENDOR_ADVISORY)  XF  legato-nsrd-log-permissions(7897)
http://online.securityfocus.com/archive/1/249420
(VENDOR_ADVISORY)  BUGTRAQ  20020110 Legato Vulnerable

- Vulnerability information

Legato NetWorker Insecure Log File Permissions Vulnerability
Medium risk  Design error
2002-03-25 00:00:00 2006-09-21 00:00:00
Local
        
        

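- Advisories and patches

        Temporary workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measure to reduce the threat:
        * On Unix systems, set the log directory /nsr/logs to mode 700.
        Vendor patch:
        Legato
        ------
        The vendor has fixed this vulnerability in version 6.1.1 of the software. We recommend that users of this software obtain the latest version from the vendor's home page:
        
        http://www.legato.com/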
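
A check for the temporary workaround above, as an added example (not from CNNVD, the vendor or the original report): it lists entries under the log directory that other users can access and then applies mode 700. The function names and the `LOG_DIR` override are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit and tighten the NetWorker log directory.
# Function names are hypothetical; /nsr/logs is the path from the advisory.

# List every entry under $1 (the directory included) that grants any
# permission bit to "other". Symlinks are skipped: their mode is meaningless.
world_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null
}

# Succeed only if the directory itself carries no group or other bits (mode 700).
dir_is_private() {
    [ -d "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# The advisory's workaround (chmod 700 on the directory). Stripping group/other
# bits from the files inside is an extra step added here, not from the advisory.
lock_down() {
    chmod 700 "$1" && find "$1" ! -type l -exec chmod go-rwx {} +
}

# Report the state of $1 and apply the workaround when it is exposed.
audit_and_fix() {
    dir="$1"
    if [ ! -d "$dir" ]; then
        echo "skip: $dir does not exist"
        return 0
    fi
    if dir_is_private "$dir" && [ -z "$(world_accessible "$dir")" ]; then
        echo "ok: $dir is private"
        return 0
    fi
    echo "exposed: $dir"
    world_accessible "$dir" | sed 's/^/  /'
    lock_down "$dir"
}

# nsrd recreates the directory with world-readable permissions when it
# restarts, so run this after every restart, not just once.
audit_and_fix "${LOG_DIR:-/nsr/logs}"
```
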

- Vulnerability information

14327
Legato NetWorker /nsr/logs/ Directory Permission Weakness Information Disclosure
Information Disclosure
Loss of Confidentiality

- Vulnerability description

Unknown or Incomplete

- Timeline

2002-01-10 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Legato NetWorker Insecure Log Permissions Vulnerability
Design Error 3840
No Yes
2002-01-10 12:00:00 2009-07-11 09:56:00
This vulnerability was discovered by "Venkatesh babu Sira" <vsira@hotmail.com> and submitted to BugTraq on January 10th, 2002.

- Affected program versions

Legato NetWorker 6.1
- Compaq Tru64 5.1
- Compaq Tru64 5.0 a
- Compaq Tru64 4.0 g
- HP HP-UX 11.0
- HP HP-UX 10.30
- HP HP-UX 10.20
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- IBM AIX 4.3.1
- IBM AIX 4.3
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Novell Netware 5.1
- Novell Netware 5.0
- Novell Netware 4.11
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6

- Vulnerability discussion

Legato NetWorker is a server package designed to help share data, media and backup processes across a heterogeneous network. The Legato NetWorker server will run on a number of Unix variants, as well as Microsoft Windows NT/2000 systems.

nsrd is the daemon that provides the Legato Storage Manager service. It is also responsible for starting other daemons. Log files for nsrd are located in the /nsr/logs/ directory.

By default, nsrd creates log files for backup processes with world-readable permissions, allowing any local user to peruse their contents. If the administrator tries to relocate or remove the logs directory, nsrd will recreate it again with world-readable permissions once it is restarted.

This issue is further compounded by the fact Legato NetWorker stores extremely sensitive information in plaintext about other backed-up systems in the logs. This may make it possible for a local attacker to gain access to other hosts on the network, possibly with elevated privileges. This additional vulnerability is described in BugTraq ID 3842 "Legato NetWorker Plaintext Log File Vulnerability".

This vulnerability was discovered in Legato NetWorker 6.1 and has not been confirmed with other versions. However, the possibility that other versions are affected shouldn't be ruled out.

- Exploit

There is no exploit required.

- Solution

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
