SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  VERITAS Bare Metal Restore Vendors:  Veritas
VERITAS Bare Metal Restore for Tivoli Storage Manager Has Unspecified Flaw That Yields Root Privileges to Remote Users
SecurityTracker Alert ID:  1006172
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 26 2003
Impact:  Execution of arbitrary code via network, Root access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): 3.1.0, 3.1.1, 3.2.0, 3.2.1
Description:  A vulnerability was reported in the UNIX versions of VERITAS Bare Metal Restore for Tivoli Storage Manager. A remote user can gain root access on the system.

VERITAS issued several TechNotes warning that a remote user can execute arbitrary code on the BMR Main Server with the privileges of the administrator account (root) to gain root access on the system.

The cause of the vulnerability was not disclosed.

No further details were provided.
Impact:  A remote user can execute arbitrary code on the server with root privileges.
Solution:  VERITAS has reportedly prepared a BMR Maintenance Pack (MP) #4 (patch3.2.1-004) to correct the problem, available at:

http://seer.support.veritas.com/docs/254666.htm
Vendor URL:  support.veritas.com/docs/252933 (Links to External Site)
Cause:  Not specified

Message History:   None.

 Source Message Contents
Date:  Tue, 25 Feb 2003 21:42:16 -0500
Subject:  VERITAS Bare Metal Restore vulnerability

 

http://support.veritas.com/docs/252933

VERITAS issued several TechNotes warning of a security vulnerability in VERITAS Bare Metal Restore
for Tivoli Storage Manager (UNIX).   A remote user can execute arbitrary code on the BMR Main Server
with the privileges of the administrator account (root) to gain root access on the system.

TechNote ID:  252933

VERITAS has reportedly prepared a BMR Maintenance Pack (MP) #4 (patch3.2.1-004) to correct the
problem, available at:

http://seer.support.veritas.com/docs/254666.htm


-----

Products:  Bare Metal Restore for TSM    3.1.0, 3.1.1, 3.2.0, 3.2.1

Subject: Application - Informational
Application - Notification

Languages: English

Operating Systems:

AIX    4.2.1, 4.3, 4.3.1, 4.3.2, 4.3.3, 5.1
HP-UX    10.2, 11.0, 11.11
Solaris    2.6, 7, 8


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC