CVE-2005-3659 - OpenCVE

nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Emc	Legato Networker

Configuration 1 [-]

OR	cpe:2.3:a:emc:legato_networker:7.2:::::::*
	cpe:2.3:a:emc:legato_networker:7.2.1:::::::*
	cpe:2.3:a:emc:legato_networker:7.2_build172:::::::*

References

Link	Resource
ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT	Patch
http://secunia.com/advisories/18495	Exploit Patch Vendor Advisory
http://secunia.com/advisories/18615	Patch Vendor Advisory
http://securitytracker.com/id?1015500	Patch
http://securitytracker.com/id?1015545	Patch
http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375	Exploit Patch
http://www.legato.com/support/websupport/product_alerts/011606_NW.htm	Patch
http://www.securityfocus.com/bid/16275	Patch
http://www.vupen.com/english/advisories/2006/0233	Vendor Advisory
http://www.vupen.com/english/advisories/2006/0343	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/24173

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-01-18T02:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-11-18T00:00:00

Link: CVE-2005-3659

JSON object: View

NVD Information

Status : Modified

Published: 2005-12-31T05:00:00.000

Modified: 2017-07-11T01:33:16.313

Link: CVE-2005-3659

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-01-16T00:00:00", "descriptions": [{"lang": "en", "value": "nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1015545", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015545"}, {"name": "18615", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18615"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"}, {"name": "20060117 EMC Legato Networker nsrd.exe DoS Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375"}, {"name": "ADV-2006-0343", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0343"}, {"name": "18495", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18495"}, {"name": "1015500", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015500"}, {"name": "16275", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16275"}, {"name": "ADV-2006-0233", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0233"}, {"name": "legato-nsrd-dos(24173)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24173"}, {"name": "102148", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3659", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1015545", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015545"}, {"name": "18615", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18615"}, {"name": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm", "refsource": "CONFIRM", "url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"}, {"name": "20060117 EMC Legato Networker nsrd.exe DoS Vulnerability", "refsource": "IDEFENSE", "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375"}, {"name": "ADV-2006-0343", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0343"}, {"name": "18495", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18495"}, {"name": "1015500", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015500"}, {"name": "16275", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16275"}, {"name": "ADV-2006-0233", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0233"}, {"name": "legato-nsrd-dos(24173)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24173"}, {"name": "102148", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"}, {"name": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT", "refsource": "CONFIRM", "url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3659", "datePublished": "2006-01-18T02:00:00", "dateReserved": "2005-11-18T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:emc:legato_networker:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "9C2D787A-DCA0-45CE-A5C3-41850970B468", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:legato_networker:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FA00514-6EFF-4BE4-A49E-30C4FF42998B", "vulnerable": true}, {"criteria": "cpe:2.3:a:emc:legato_networker:7.2_build172:*:*:*:*:*:*:*", "matchCriteriaId": "7E0DFF6E-6234-4C04-AD61-BDB52CFFF7EF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference."}], "id": "CVE-2005-3659", "lastModified": "2017-07-11T01:33:16.313", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "ftp://ftp.legato.com/pub/NetWorker/Updates/LGTpa83990/README.TXT"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18495"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18615"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://securitytracker.com/id?1015500"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://securitytracker.com/id?1015545"}, {"source": "cve@mitre.org", "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102148-1"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=375"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.legato.com/support/websupport/product_alerts/011606_NW.htm"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/16275"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/0233"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/0343"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24173"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}