CVE-2008-3248

Name of the Vulnerable Software and Affected Versions: Symantec Veritas File System (VxFS) versions prior to 5.0 MP3 on Solaris, Linux, and AIX Symantec Veritas File System (VxFS) on HP-UX

Description: The issue concerns the Quick I/O for Database feature in Symantec Veritas File System (VxFS), where the qiomkfile does not properly initialize filesystem blocks during file creation. This allows local users to access sensitive information by creating and then reading files.

Recommendations: For Symantec Veritas File System (VxFS) versions prior to 5.0 MP3 on Solaris, Linux, and AIX, update to version 5.0 MP3 or later. For Symantec Veritas File System (VxFS) on HP-UX, consider restricting access to the Quick I/O for Database feature until a patch is available. As a temporary workaround, consider disabling the Quick I/O for Database feature to minimize the risk of exploitation.