EMC.NetWorker.librpc.dll.Security.Check.Bypass
Description
This indicates attack attempt against a Security Bypass vulnerability in EMC Legato Networker.
The vulnerability is due to insufficient access control when handling portmap requests. Remote unauthenticated attackers can exploit the vulnerability by spoofing a source address as "localhost" or "127.0.0.1" to register Remote Procedure Call (RPC) services, allowing them to eavesdrop on communications.
Affected Products
EMC Legato NetWorker 7.5 prior to 7.5.3.5
EMC Legato NetWorker 7.6 prior to 7.6.1.2
Impact
Security Bypass: Remote attackers can bypass the security of vulnerable systems.
Recommended Actions
Refer to the vendor's website for a suggested workaround.
http://archives.neohapsis.com/archives/bugtraq/2011-01/att-0162/ESA-2011-003.txt
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |