FreeBSD : nwclient -- multiple vulnerabilities (d177d9f9-e317-11d9-8088-00123f0f7307)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Insecure file permissions, network access control and DNS usage put
systems that use Legato NetWorker at risk.

When the software is running, several files that contain sensitive
information are created with insecure permissions. The exposed
information includes passwords and can therefore be used for privilege
elevation.

An empty 'servers' file, which should normally contain hostnames of
authorized backup servers, may allow unauthorized backups to be made.
Sensitive information can be extracted from these backups.

When reverse DNS fails for the Legato client IP, a weak authorization
scheme is used. This scheme contains a flaw that may allow unauthorized
access.

See also :

http://portal1.legato.com/resources/bulletins/372.html
http://www.nessus.org/u?f0f9ebb7

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.4
(CVSS2#E:U/RL:U/RC:ND)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 56496

Bugtraq ID: 3564
3840
3842

CVE ID: CVE-2001-0910
CVE-2002-0113
CVE-2002-0114
