The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Legato_networker | Emc | 4.2.2 (including) | 4.2.2 (including) |
| Legato_networker | Emc | 6.0 (including) | 6.0 (including) |
| Legato_networker | Emc | 6.1 (including) | 6.1 (including) |
| Legato_networker | Emc | 7.2 (including) | 7.2 (including) |
| Legato_networker | Emc | 7.13 (including) | 7.13 (including) |
| Solstice_backup | Sun | 6.0 (including) | 6.0 (including) |
| Solstice_backup | Sun | 6.1 (including) | 6.1 (including) |
| Storedge_enterprise_backup_software | Sun | 7.0 (including) | 7.0 (including) |
| Storedge_enterprise_backup_software | Sun | 7.1 (including) | 7.1 (including) |
| Storedge_enterprise_backup_software | Sun | 7.2 (including) | 7.2 (including) |