FreeBSD : nwclient -- multiple vulnerabilities (d177d9f9-e317-11d9-8088-00123f0f7307)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Insecure file permissions, network access control and DNS usage put
systems that use Legato NetWorker at risk.

When the software is running, several files that contain sensitive
information are created with insecure permissions. The information
exposed include passwords and can therefore be used for privilege

An empty 'servers' file, which should normally contain hostnames of
authorized backup servers, may allow unauthorized backups to be made.
Sensitive information can be extracted from these backups.

When reverse DNS fails for the Legato client IP a weak authorization
scheme, containing a flaw that allows unauthorized access, is used.
This may allow unauthorized access.

See also :

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.4
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 56496 ()

Bugtraq ID: 3564

CVE ID: CVE-2001-0910

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now