Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20755
HistoryOct 26, 2008 - 12:00 a.m.

SECOBJADV-2008-04: Symantec Veritas Storage Foundation Memory Disclosure Vulnerability

2008-10-2600:00:00
vulners.com
30
JSON

======================================================================
= Security Objectives Advisory (SECOBJADV-2008-04) =

Veritas Storage Foundation Memory Disclosure Vulnerability

http://www.security-objectives.com/advisories/SECOBJSADV-2008-04.txt

AFFECTED: Veritas Storage Foundation 5.0

PLATFORM: Solaris, Linux, AIX, HP-UX

CLASSIFICATION: Sensitive Information Uncleared Before Release (CWE-226)

RESEARCHER: Derek Callaway

IMPACT: Data Leakage

SEVERITY: Low

DIFFICULTY: Trivial

REFERENCES: CVE-2008-3248, SYM08-018, BID 31678

BACKGROUND

Veritas Storage Foundation 5.0 from Symantec provides a complete
solution for heterogeneous online storage management. Based on the
industry-leading Veritas Volume Manager and Veritas File System, it
provides a standard set of integrated tools to centrally manage
explosive data growth, maximize storage hardware investments, provide
data protection and adapt to changing business requirements.

SUMMARY

VxFS (VERITAS File System) is an extent based, journaling filesystem
included with Symantec's Storage Foundation Suite. It implements a
"Quick I/O for Databases" feature; the set-uid root program qiomkfile
manages special files that help to increase transaction processing
efficiency. Uninitialized chunks of memory are written to a hidden file
that qiomkfile creates at runtime. Depending on system activity prior
to invocation, the new file may contain sensitive information.

ANALYSIS

qiomkfile will write the unitialized data to a dot-file whose name is provided
as an argument. Varying the numeric values passed to qiomkfile on the
command-line through the -s and -h flags will cause disparate chunks of
file system memory to be written to the dot-file. According to C99,
(7.20.3.3.2) "The malloc function allocates space for an object whose
size is specified by size and whose value is indeterminate."

WORKAROUND

Remove the set-uid bit from the qiomkfile binary.

chmod u-s /opt/VRTS/bin/qiomkfile

VENDOR RESPONSE

Symantec included a fix for this problem in the recent maintenance
release Veritas Software File System 5.0 MP3.

DISCLOSURE TIMELINE

30-May-2008 Discovery of Vulnerability
31-May-2008 Developed Proof-of-Concept
10-Jun-2008 Reported to Vendor
20-Oct-2008 Maintenance Release
21-Oct-2008 Published Advisory

ABOUT SECURITY OBJECTIVES

Security Objectives is a security centric consultancy and software development
corporation which operates in the area of application assurance software.
Security Objectives employs methods that are centered on software
comprehension, therefore a more in-depth contextual understanding of the
application is developed.

http://security-objectives.com/

LEGAL

Permission is granted for electronic distribution of this advisory.
It may not be edited without the written consent of Security Objectives.

The information contained in this advisory is believed to be accurate based on
currently available information and is provided "as is" without warranty of
any kind, either expressed or implied, including, but not limited to, the
implied warranties of merchantability and fitness for a particular purpose.
The entire risk as to the quality and performance of the information is with
you.

Related

seebug 1
prion 1
cve 1
securityvulns 1
seebug
seebug
Symantec Veritas File System qiomkfile本地信息泄露漏洞
2008-10-23 00:00:00
prion
prion
Information disclosure
2008-10-21 18:00:00
cve
cve
CVE-2008-3248
2008-10-21 18:00:00
securityvulns
securityvulns
Symantec Veritas Storage Foundation unauthorized access
2008-10-26 00:00:00
JSON
Related for SECURITYVULNS:DOC:20755
seebug1prion1cve1securityvulns1