J-Security Center

Title: Sun StorEdge Sparse File Information Disclosure Vulnerability

Severity: HIGH

Description:

Sun StorEdge QFS is a shared filesystem for Solaris operating systems designed for SAN and NAS environments. Sun StorEdge SAM-FS is a policy-based archiving service.

It is reported that StorEdge QFS and SAM-FS are both susceptible to a sparse file information disclosure vulnerability.

Sparse files contain logical blocks of 0x00 bytes. A sparse file can be created by seeking to a positive offset in a file and then writing data. The region between the first data written (or the beginning of the file) and the data written after the seek is usually not allocated by standard Unix filesystems. This unallocated space reads back as virtual 0x00 bytes and is called a 'hole'. Files with holes are called sparse files.

QFS and SAM-FS are reported to incorrectly handle sparse files. If a user creates a sparse file, and afterwards reads the file back, potentially sensitive data that previously existed in the filesystem may be disclosed. This would occur when reading back locations of the sparse file that contain holes. These locations should contain nothing but 0x00 bytes.
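The following is an added example, not part of the original advisory or any vendor tooling: a Python check an administrator can run against a mount point to confirm that holes in a sparse file read back as 0x00. It reports only a count of non-zero bytes in the hole; the file prefix, hole size and marker are constructed values.

```python
import os
import sys
import tempfile

HOLE_SIZE = 1 << 20        # 1 MiB hole (constructed value)
MARKER = b"END-OF-HOLE"    # constructed payload written after the seek


def make_sparse_file(path, hole_size=HOLE_SIZE, marker=MARKER):
    """Seek past hole_size bytes, then write marker; return the logical size."""
    with open(path, "wb") as f:
        f.seek(hole_size)
        f.write(marker)
    return hole_size + len(marker)


def nonzero_bytes_in_hole(path, hole_size=HOLE_SIZE, chunk=64 * 1024):
    """Count bytes in [0, hole_size) that are not 0x00. Expected: 0."""
    count, remaining = 0, hole_size
    with open(path, "rb") as f:
        while remaining > 0:
            buf = f.read(min(chunk, remaining))
            if not buf:
                break  # file shorter than expected; caught by the size check
            count += len(buf) - buf.count(0)
            remaining -= len(buf)
    return count


def check_filesystem(directory):
    """Create, verify and delete a sparse test file inside directory."""
    fd, path = tempfile.mkstemp(dir=directory, prefix="sparse-check-")
    os.close(fd)
    try:
        logical = make_sparse_file(path)
        st = os.stat(path)
        leaked = nonzero_bytes_in_hole(path)
        return {
            "logical_size": st.st_size,
            "allocated_bytes": st.st_blocks * 512,  # st_blocks is in 512-byte units
            "leaked_bytes": leaked,
            "ok": leaked == 0 and st.st_size == logical,
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else tempfile.gettempdir()
    result = check_filesystem(target)
    print(target, result)
    sys.exit(0 if result["ok"] else 1)
```

A non-zero `leaked_bytes` value on a mount means hole regions are returning stale block contents instead of zeros.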

Malicious users with access to the affected filesystems may exploit this vulnerability to gain access to potentially sensitive information contained in previously deleted files. This may aid them in further attacks.

Affected Products:

  • Sun Performance Suite 4.0.0
  • Sun Performance Suite 4.1.0
  • Sun Utilization Suite 4.0.0
  • Sun Utilization Suite 4.1.0
