CVE-2005-0357

EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID.

Published: Aug 23, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-0357
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
emc / legato_networker	6.0	6.0.x
emc / legato_networker	7.2	7.2.x
emc / legato_networker	4.2.2	4.2.2.x
sun / storedge_enterprise_backup_software	7.0	7.0.x
sun / storedge_enterprise_backup_software	7.1	7.1.x
sun / storedge_enterprise_backup_software	7.2	7.2.x
sun / solstice_backup	6.1	6.1.x
emc / legato_networker	7.13	7.13.x
sun / solstice_backup	6.0	6.0.x
emc / legato_networker	6.1	6.1.x

http://secunia.com/advisories/16464
http://secunia.com/advisories/16470
http://securitytracker.com/id?1014713
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1
http://www.kb.cert.org/vuls/id/606857
http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm
http://www.osvdb.org/18800
http://www.securityfocus.com/bid/14582
https://exchange.xforce.ibmcloud.com/vulnerabilities/21887

Vulnerability Database

289,871

CVE-2005-0357