Symantec Veritas Storage Foundation unauthorized access updated since 23.10.2008
Published:		26.10.2008
Source:		BUGTRAQ
SecurityVulns ID:		9376
Type:		local
Level:		5/10
Description:		qioadmin utility allows local files read access. qiomkfile allows memory content reading.

Affected:		SYMANTEC : Veritas Storage Foundation 5.0
CVE:		CVE-2008-4638 (qioadmin in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, allows local users to read arbitrary files by causing qioadmin to write a file's content to standard error in an error message.)
		CVE-2008-3248 (qiomkfile in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, does not initialize filesystem blocks during creation of a file, which allows local users to obtain sensitive information by creating and then reading files.)

Original document		Security Objectives Corporation, SECOBJADV-2008-04: Symantec Veritas Storage Foundation Memory Disclosure Vulnerability (26.10.2008)
		Security Objectives Corporation, SECOBJADV-2008-05: Symantec Veritas Storage Foundation Arbitrary File Read Vulnerability (23.10.2008)

Discuss:

Read or add your comments to this news (0 comments)