Legato NetWorker Insecure Log Permissions Vulnerability
Legato NetWorker is a server package designed to share data, media and backup processes across a heterogeneous network. The Legato NetWorker server runs on a number of Unix variants, as well as on Microsoft Windows NT/2000 systems.
nsrd is the daemon that provides the Legato Storage Manager service; it is also responsible for starting the other NetWorker daemons. Log files written by nsrd are located in the /nsr/logs/ directory.
By default, nsrd creates its backup-process log files with world-readable permissions, allowing any local user to read their contents. If the administrator relocates or removes the logs directory, nsrd recreates it with world-readable permissions the next time it is restarted, so a one-time permission change does not persist.
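The following POSIX shell script is an added example, not code from Legato or from the original advisory. It audits a log directory for files whose "other read" bit is set (the condition described above), strips the "other" bits from the directory and its files, and builds a small constructed sample tree to demonstrate the check. The path /nsr/logs and the idea of re-running the hardening step after every nsrd restart are assumptions about a typical deployment; the sample file names and contents are constructed and do not reproduce real NetWorker log data.

```shell
#!/bin/sh
# Added example (not Legato's or the advisory's code): audit a NetWorker-style
# log directory for world-readable files and remove the "other" permission bits.
# The target path (/nsr/logs in production) and the restart hook are assumptions.

# List regular files under $1 whose "other read" bit is set.
# -perm -004 is POSIX: every bit in the given mode must be set on the file.
world_readable_files() {
    find "$1" -type f -perm -004 2>/dev/null | sort
}

# Count world-readable files under $1 (useful as a monitoring check).
count_world_readable() {
    n=$(world_readable_files "$1" | wc -l)
    echo "$n" | tr -d ' '
}

# Remove read/write/execute for "other" on the directory itself and on every
# regular file below it. nsrd writes as the directory owner, so this does not
# interfere with logging; it only shuts out unrelated local users.
harden_log_dir() {
    chmod o-rwx "$1"
    find "$1" -type f -exec chmod o-rwx {} +
}

# Build a constructed sample tree that mimics /nsr/logs: one log created with
# the default world-readable mode and one that is already private.
# Prints the path of the sample log directory.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/logs"
    printf 'constructed sample: savegrp client1 completed\n' > "$d/logs/daemon.log"
    chmod 644 "$d/logs/daemon.log"   # mode the advisory describes as the default
    printf 'constructed sample: private\n' > "$d/logs/messages"
    chmod 600 "$d/logs/messages"
    echo "$d/logs"
}

# Demo: audit the sample tree, harden it, audit again, clean up.
demo() {
    dir=$(make_sample_tree)
    echo "before: $(count_world_readable "$dir") world-readable file(s)"
    world_readable_files "$dir"
    harden_log_dir "$dir"
    echo "after:  $(count_world_readable "$dir") world-readable file(s)"
    rm -rf "$(dirname "$dir")"
}

# Run the demo only when invoked as: sh audit_nsr_logs.sh demo
case "${1:-}" in
    demo) demo ;;
esac
```

Because nsrd recreates the directory with the default permissions on restart, `harden_log_dir /nsr/logs` has to be run again after each restart (for example from whatever script starts nsrd on the host); `count_world_readable /nsr/logs` returning anything other than 0 is a cheap signal that the directory has reverted.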
This issue is compounded by the fact that Legato NetWorker stores extremely sensitive information about other backed-up systems in these logs in plaintext. A local attacker who reads the logs may therefore be able to gain access to other hosts on the network, possibly with elevated privileges. That additional vulnerability is described in BugTraq ID 3842, "Legato NetWorker Plaintext Log File Vulnerability".
This vulnerability was discovered in Legato NetWorker 6.1 and has not been confirmed in other versions. However, the possibility that other versions are affected should not be ruled out.