Title: Symantec Veritas File System 'qioadmin' Local Information Disclosure Vulnerability
Severity: LOW
Description:
Symantec Veritas File System (VxFS) is a commercial filesystem available for Unix and Unix-like operating systems.
VxFS is prone to a local information-disclosure vulnerability. This issue is present in the 'qioadmin' utility for the Quick I/O for Database feature. A flaw in the utility allows local users to supply filenames to the utility, causing the file contents to be outputted. This utility is installed setuid-superuser by default, allowing attackers to gain access to the contents of any file on an affected computer.
Successfully exploiting this issue allows privileged local attackers to access arbitrary file contents with superuser privileges. Information harvested may aid in further attacks.
Affected Products:
- Sun Solaris 2.5.1
- Sun Solaris 2.6
- Sun Solaris 7.0
- Sun Solaris 8
- Sun Solaris 9
- Veritas Software File System 3.2.0
- Veritas Software File System 3.3.3
- Veritas Software File System 3.4.0
- Veritas Software File System 3.5.0
- Veritas Software File System 4.1
- Veritas Software File System 5.0
References:
- Security Objectives: Veritas Storage Foundation Arbitrary File Read Vulnerability
- Symantec: SYM08-018 Veritas File System Quick I/O for Database Utility Information Disclos
- Symantec: SYM08-018 Veritas File System Quick I/O for Database Utility Information Disclos
- Symantec: Symantec Veritas Storage Foundation Product Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
