Insecure file permissions, network access control and DNS
usage put systems that use Legato NetWorker at risk.

When the software is running, several files that contain
sensitive information are created with insecure permissions.
The information exposed includes passwords and can therefore
be used for privilege elevation.

An empty "servers" file, which should normally
contain hostnames of authorized backup servers, may allow
unauthorized backups to be made. Sensitive information can
be extracted from these backups.

When reverse DNS fails for the Legato client IP, a weak
authorization scheme is used. This scheme contains a flaw
that may allow unauthorized access.
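
A check an administrator can run for the two file-level issues above, as an added example that is not part of the advisory or of the vendor's software. The directory to scan and the location of the "servers" file are supplied by the caller and are assumptions, since the advisory names no paths.

```shell
#!/bin/sh
# Added example: audit an installation directory for files exposed to
# "other" users and for an empty or missing "servers" file.
# Both paths are caller-supplied assumptions, not values from the advisory.

# Print regular files under $1 that are readable or writable by "other".
list_exposed_files() {
    find "$1" -type f \( -perm -004 -o -perm -002 \) -print 2>/dev/null | sort
}

# Succeed only when the servers file exists and lists at least one entry.
# A file holding nothing but whitespace counts as empty.
servers_file_restricts() {
    [ -f "$1" ] || return 1
    grep -q '[^[:space:]]' "$1"
}

# audit DIR SERVERS_FILE: report findings, return 1 if any were found.
audit() {
    dir=$1
    servers=$2
    status=0
    exposed=$(list_exposed_files "$dir")
    if [ -n "$exposed" ]; then
        printf 'Files accessible to other users:\n%s\n' "$exposed"
        status=1
    fi
    if ! servers_file_restricts "$servers"; then
        printf 'Servers file missing or empty: %s\n' "$servers"
        status=1
    fi
    return "$status"
}
```

Call `audit <install-dir> <path-to-servers-file>` after the software has started, since the advisory says the files are created while it is running.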