diff options
| author | simon <simon@FreeBSD.org> | 2005-07-09 04:04:13 +0800 |
|---|---|---|
| committer | simon <simon@FreeBSD.org> | 2005-07-09 04:04:13 +0800 |
| commit | 5a2c6dd008a882bc71f7ca18c26184469a8e8c59 (patch) | |
| tree | c61256447353f27999e36582908473d760f3ecad /security | |
| parent | 71c5c0be3c38293b29160e3733ababde992a0df9 (diff) | |
| download | freebsd-ports-gnome-5a2c6dd008a882bc71f7ca18c26184469a8e8c59.tar.gz freebsd-ports-gnome-5a2c6dd008a882bc71f7ca18c26184469a8e8c59.tar.zst freebsd-ports-gnome-5a2c6dd008a882bc71f7ca18c26184469a8e8c59.zip | |
Document nwclient -- multiple vulnerabilities (old issues).
PR: ports/82101
Submitted by: niels
Noticed by: Derik van Zuetphen <dz@426.ch>
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3d66fe8cb5fa..3f34f6b6da5f 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,47 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="d177d9f9-e317-11d9-8088-00123f0f7307"> + <topic>nwclient -- multiple vulnerabilities</topic> + <affects> + <package> + <name>nwclient</name> + <range><gt>0</gt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Insecure file permissions, network access control and DNS + usage put systems that use Legato NetWorker at risk.</p> + <p>When the software is running, several files that contain + sensitive information are created with insecure permissions. + The information exposed include passwords and can therefore + be used for privilege elevation.</p> + <p>An empty "servers" file, which should normally + contain hostnames of authorized backup servers, may allow + unauthorized backups to be made. Sensitive information can + be extracted from these backups.</p> + <p>When reverse DNS fails for the Legato client IP a weak + authorization scheme, containing a flaw that allows + unauthorized access, is used. This may allow unauthorized + access.</p> + </body> + </description> + <references> + <bid>3564</bid> + <bid>3840</bid> + <bid>3842</bid> + <cvename>CAN-2001-0910</cvename> + <cvename>CAN-2002-0113</cvename> + <cvename>CAN-2002-0114</cvename> + <url>http://portal1.legato.com/resources/bulletins/372.html</url> + </references> + <dates> + <discovery>2002-01-10</discovery> + <entry>2005-07-08</entry> + </dates> + </vuln> + <vuln vid="107692a1-ee6c-11d9-8310-0001020eed82"> <topic>acroread -- insecure temporary file creation</topic> <affects> |