Executive Summary

Summary
Title NetApp Data ONTAP contains multiple vulnerabilities
Informations
Name VU#329772 First vendor Publication 2008-07-25
Vendor VU-CERT Last vendor Modification 2008-07-28
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#329772

NetApp Data ONTAP contains multiple vulnerabilities

Overview

NetApp Data ONTAP contains multiple vulnerabilities. The most severe of these vulnerabilities may allow an attacker to execute commands, view sensitive data, or cause a system to crash.

I. Description

NetApp Data ONTAP contains multiple undisclosed vulnerabilities.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary commands, view log files or other sensitive data, or cause a vulnerable system to crash.

III. Solution

Upgrade

These issues are fixed in new maintenance releases designated Data ONTAP 7.0.7, 7.1.3, and 7.2.5.1. Administrators with active support agreements are encouraged to log in to the NetApp portal to access more information about these issues:
http://now.netapp.com/NOW/products/cpc/cpc0807-01.shtml
http://now.netapp.com/NOW/products/cpc/cpc0807-02.shtml
http://now.netapp.com/NOW/products/cpc/cpc0807-03.shtml

Operators are advised to upgrade to one of these releases as soon as possible. Administrators running systems with Data ONTAP that were purchased from an OEM other than NetApp should see their OEM for updates.

Restrict access

Some of these vulnerabilities can be mitigated by restricting access to a vulnerable system. Administrators should consider using httpd.admin.access or other access controls.

Systems Affected

VendorStatusDate Updated
IBM eServerUnknown7-Jul-2008
NetAppVulnerable28-Jul-2008

References


http://www.netapp.com/us/products/platform-os/data-ontap/
http://now.netapp.com/NOW/products/cpc/cpc0807-01.shtml
http://now.netapp.com/NOW/products/cpc/cpc0807-02.shtml
http://now.netapp.com/NOW/products/cpc/cpc0807-03.shtml

Credit

Thanks to NetApp for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public06/25/2008
Date First Published07/25/2008 11:02:25 AM
Date Last Updated07/28/2008
CERT Advisory 
CVE-ID(s) 
NVD-ID(s) 
US-CERT Technical Alerts 
Metric18.04
Document Revision15

Original Source

Url : http://www.kb.cert.org/vuls/id/329772

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1

Open Source Vulnerability Database (OSVDB)

Id Description
46934 IBM Network Appliance Data ONTAP Multiple Unspecified Issues