Re: Legato Vulnerable

From: Wolfgang Fischer (wf227at_private)
Date: Thu Jan 10 2002 - 14:05:19 PST

Next message: Roger H. Goun: "Re: Handspring Visor D.O.S"

Previous message: securityat_private: "Security Update: [CSSA-2002-SCO.1] OpenServer: wu-ftpd ftpglob() vulnerability"
In reply to: Venkatesh babu Sira: "Legato Vulnerable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This problem is fixed with the current version of NetWorker, 6.1.1. 
NetWorker will also not change the permissions of an existing /nsr/logs 
directory, you might change the permissions to 0700. Notice, you should 
not change the permissions of applogs, because db-modules are might run 
with non-root accounts.

	Wolfgang

Am Donnerstag den, 10. Januar 2002, um 19:00, schrieb Venkatesh babu 
Sira:

> Scenario is Legato Networker with one drive as NDMP to Backup Netapp.
> When u start the group to backup Netapp using NDMP drive ,in 
> /nsr/logs/daemon.log it writes all the info including username & 
> passwd(clear text) for NetApp (usually it will root )
> As any one can read this file ,so that he can mess up NetApp.
> I Moved /nsr dir & stop & restarted Networker ,it will recreate /nsr 
> dir with 755 perm.
> This is seriously vulnerable to NetApp.
> I masked few variables from my log file.
> Solaris7, Networker 6.1 & NetApp  DataONTAP 6.0.3.
>


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

Next message: Roger H. Goun: "Re: Handspring Visor D.O.S"
Previous message: securityat_private: "Security Update: [CSSA-2002-SCO.1] OpenServer: wu-ftpd ftpglob() vulnerability"
In reply to: Venkatesh babu Sira: "Legato Vulnerable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jan 10 2002 - 15:03:49 PST