Bugtraq mailing list archives

Re: Legato Vulnerable


From: Wolfgang Fischer <wf227 () yahoo de>
Date: Thu, 10 Jan 2002 23:05:19 +0100

This problem is fixed with the current version of NetWorker, 6.1.1. NetWorker will also not change the permissions of an existing /nsr/logs directory; you might change the permissions to 0700. Note that you should not change the permissions of applogs, because db-modules might run with non-root accounts.

        Wolfgang

On Thursday, 10 January 2002, at 19:00, Venkatesh babu Sira wrote:

The scenario is Legato Networker with one drive as NDMP to back up NetApp.
When you start the group to back up NetApp using the NDMP drive, in /nsr/logs/daemon.log it writes all the info including username & passwd (clear text) for NetApp (usually it will be root).
As anyone can read this file, he can mess up NetApp.
I moved the /nsr dir and stopped & restarted Networker; it will recreate the /nsr dir with 755 perm.
This is seriously vulnerable to NetApp.
I masked a few variables from my log file.
Solaris 7, Networker 6.1 & NetApp DataONTAP 6.0.3.
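
The following is an added example, not part of either message in this thread and not Legato's code: a POSIX shell check for the condition discussed above (a logs directory looser than 0700 with a daemon.log any local user can read). The function names `perm_field` and `audit_nsr_logs` are hypothetical; the `/nsr/logs`, `daemon.log` and `applogs` names come from the thread.

```shell
#!/bin/sh
# Added example: audit the log directory discussed in this thread.
# Parses ls(1) output instead of stat(1), whose flags differ between systems.

# perm_field PATH -> the six group+other permission characters, e.g. "r-xr-x"
perm_field() {
    ls -ld "$1" | cut -c5-10
}

# audit_nsr_logs [ROOT]
#   returns 0 if ROOT/logs is closed to group and other (0700 or tighter),
#           1 if it is looser, 2 if ROOT/logs does not exist.
audit_nsr_logs() {
    root=${1:-/nsr}              # /nsr is the path named in the thread
    logs="$root/logs"
    [ -d "$logs" ] || { echo "MISSING $logs"; return 2; }

    dir_perm=$(perm_field "$logs")
    if [ "$dir_perm" = "------" ]; then
        echo "OK      $logs is closed to group and other"
        return 0
    fi
    echo "LOOSE   $logs grants '$dir_perm' to group/other"

    # daemon.log is reachable by any local user only if "other" can both
    # traverse the directory (x or t) and read the file (r).
    log="$logs/daemon.log"
    if [ -f "$log" ]; then
        case "$dir_perm$(perm_field "$log")" in
            ?????[xt]???r??) echo "EXPOSED $log is readable by any local user" ;;
        esac
    fi

    # Only the logs directory is tightened; applogs is left alone because,
    # per the reply in this thread, db-modules may run as non-root accounts.
    echo "FIX     chmod 0700 $logs"
    return 1
}
```

Source the file and call `audit_nsr_logs` (or `audit_nsr_logs /some/other/root`) as a user who can list the directory; the return code makes it usable from a cron job or configuration check.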





