PT-2008-4664 · Ibm+4 · Aix+4

Published

2008-10-21

Updated

2018-10-11

CVE-2008-3248

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Symantec Veritas File System (VxFS) versions prior to 5.0 MP3 on Solaris, Linux, and AIX Symantec Veritas File System (VxFS) on HP-UX

Description: The issue concerns the Quick I/O for Database feature in Symantec Veritas File System (VxFS), where the qiomkfile does not properly initialize filesystem blocks during file creation. This allows local users to access sensitive information by creating and then reading files.

Recommendations: For Symantec Veritas File System (VxFS) versions prior to 5.0 MP3 on Solaris, Linux, and AIX, update to version 5.0 MP3 or later. For Symantec Veritas File System (VxFS) on HP-UX, consider restricting access to the Quick I/O for Database feature until a patch is available. As a temporary workaround, consider disabling the Quick I/O for Database feature to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2008-3248

Affected Products

Aix

Hp-Ux

Linux

Solaris

Symantec Veritas File System

PT-2008-4664 · Ibm+4 · Aix+4

CVE-2008-3248

Weakness Enumeration

Related Identifiers

Affected Products

References · 11