FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  363221
Date:      2014-07-28
Time:      18:38:13Z
Committer: cs

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
d177d9f9-e317-11d9-8088-00123f0f7307nwclient -- multiple vulnerabilities

Insecure file permissions, network access control and DNS usage put systems that use Legato NetWorker at risk.

When the software is running, several files that contain sensitive information are created with insecure permissions. The information exposed include passwords and can therefore be used for privilege elevation.

An empty "servers" file, which should normally contain hostnames of authorized backup servers, may allow unauthorized backups to be made. Sensitive information can be extracted from these backups.

When reverse DNS fails for the Legato client IP a weak authorization scheme, containing a flaw that allows unauthorized access, is used. This may allow unauthorized access.


Discovery 2002-01-10
Entry 2005-07-08
nwclient
gt 0

3564
3840
3842
CVE-2001-0910
CVE-2002-0113
CVE-2002-0114
http://portal1.legato.com/resources/bulletins/372.html
d177d9f9-e317-11d9-8088-00123f0f7307nwclient -- multiple vulnerabilities

Insecure file permissions, network access control and DNS usage put systems that use Legato NetWorker at risk.

When the software is running, several files that contain sensitive information are created with insecure permissions. The information exposed include passwords and can therefore be used for privilege elevation.

An empty "servers" file, which should normally contain hostnames of authorized backup servers, may allow unauthorized backups to be made. Sensitive information can be extracted from these backups.

When reverse DNS fails for the Legato client IP a weak authorization scheme, containing a flaw that allows unauthorized access, is used. This may allow unauthorized access.


Discovery 2002-01-10
Entry 2005-07-08
nwclient
gt 0

3564
3840
3842
CVE-2001-0910
CVE-2002-0113
CVE-2002-0114
http://portal1.legato.com/resources/bulletins/372.html