Computer Security
[EN] securityvulns.ru no-pyccku


Symantec Veritas Storage Foundation unauthorized access
updated since 23.10.2008
Published:26.10.2008
Source:
SecurityVulns ID:9376
Type:local
Threat Level:
5/10
Description:qioadmin utility allows local files read access. qiomkfile allows memory content reading.
Affected:SYMANTEC : Veritas Storage Foundation 5.0
CVE:CVE-2008-4638 (qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message.)
 CVE-2008-3248 (qiomkfile in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, does not initialize filesystem blocks during creation of a file, which allows local users to obtain sensitive information by creating and then reading files.)
Original documentdocumentSecurity Objectives Corporation, SECOBJADV-2008-04: Symantec Veritas Storage Foundation Memory Disclosure Vulnerability (26.10.2008)
 documentSecurity Objectives Corporation, SECOBJADV-2008-05: Symantec Veritas Storage Foundation Arbitrary File Read Vulnerability (23.10.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod