PT-2010-1195 · Sun+1 · Sun Solaris+1
Published
2010-01-28
·
Updated
2010-01-31
·
CVE-2003-1575
CVSS v2.0
4.6
Medium
| Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
VERITAS File System (VxFS) versions 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9
Description
The issue is related to the improper implementation of inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode. This allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem.
Recommendations
For VERITAS File System (VxFS) versions 3.3.3, 3.4, and 3.5, apply MP1 Rolling Patch 02 to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sun Solaris
Veritas File System