VERITAS File System (VxFS) on Sun Solaris Grants File Access to Local Users
|
|
SecurityTracker Alert ID: 1007074
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jun 27 2003
|
Impact: Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 3.3.3, 3.4, and 3.5
|
Description: An access control vulnerability was reported in the VERITAS File System (VxFS) on Sun Solaris. A local user can gain unauthorized access to files.
Sun reported that when a new file is created on VxFS, access control lists may not be set properly. A local user may be able to gain unauthorized access to files.
|
Impact: A local user may be able to gain unauthorized access to files stored on the file system.
|
Solution: Sun has issued the following fixes:
SPARC Platform
VxFS 3.4 (for Solaris 2.6): patch 110433-08 or later
VxFS 3.4 (for Solaris
7): patch 110434-09 or later
VxFS 3.4 (for Solaris 8): patch 110435-08 or later
VxFS 3.4 (for Solaris 9): patch 113604-01 or later
VxFS
3.5 (for Solaris 7): patch 113205-05 or later
VxFS 3.5 (for Solaris 8): patch 113206-05 or later
VxFS 3.5 (for Solaris 9): patch
113207-05 or later
Sun notes that VxFS 3.3.3 will require an upgrade. Sun also notes that VxFS 3.5 for Solaris 2.6 is not supported,
so any users of that version combination should contact VERITAS and reference VERITAS incident #113367 for assistance.
|
Vendor URL: sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55060 (Links to External Site)
|
Cause: Access control error
|
Underlying OS: UNIX (Solaris - SunOS)
|
Underlying OS Comments: Solaris 2.6, 7, 8, and 9
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 27 Jun 2003 08:18:34 -0400
Subject: Access Control List (ACL) Permissions May Not be Consistently Set
|
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55060
Sun Alert 55060: Access Control List (ACL) Permissions May Not be Consistently Set on New
VERITAS File System (VxFS) Files Which May Allow Unauthorized Access
Sun reported a vulnerability in Sun Solaris. When a new file is created on a VERITAS File
System (VxFS), access control lists (ACLs) may not be set properly. A local user may be
able to gain unauthorized access to files.
VxFS versions 3.3.3, 3.4, and 3.5 are affected.
Sun has issued the following fixes:
SPARC Platform
VxFS 3.4 (for Solaris 2.6) with patch 110433-08 or later
VxFS 3.4 (for Solaris 7) with patch 110434-09 or later
VxFS 3.4 (for Solaris 8) with patch 110435-08 or later
VxFS 3.4 (for Solaris 9) with patch 113604-01 or later
VxFS 3.5 (for Solaris 7) with patch 113205-05 or later
VxFS 3.5 (for Solaris 8) with patch 113206-05 or later
VxFS 3.5 (for Solaris 9) with patch 113207-05 or later
Sun notes that VxFS 3.3.3 will require an upgrade. Sun also notes that VxFS 3.5 for
Solaris 2.6 is not supported, so any users of that version combination should contact
VERITAS and reference VERITAS incident #113367 for assistance.
-----
Sun Alert ID: 55060
Synopsis: Access Control List (ACL) Permissions May Not be Consistently Set on New VERITAS
File System (VxFS) Files
Category: Security
Product: VERITAS File System (VxFS)
BugIDs: 4778806
Avoidance: Patch
State: Resolved
Date Released: 26-Jun-2003
Date Closed: 26-Jun-2003
Date Modified:
|
|
