SecurityTracker.com
Category:   Application (Generic)  >   Veritas Cluster Server
Vendors:   Veritas
Veritas Cluster Server Can Be Crashed By Authorized Local Users
SecurityTracker Alert ID:  1000985
SecurityTracker URL:  http://securitytracker.com/id/1000985
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 5 2001
Impact:   Denial of service via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 1.3.0 for Solaris only
Description:   There is a denial of service condition in Veritas Cluster Server that can allow an authorized local user to crash the system.

VERITAS Cluster Server (VCS) version 1.3.0 on Solaris may panic the system when a specific command is issued: running the lltstat command with the unsupported and undocumented '-L' option triggers the panic. Veritas notes that the '-L' option was intended for use with a future feature and was inadvertently left enabled in the released version.

This issue only affects the 1.3.0 release of VCS for Solaris. It does not affect VCS for HP/UX or NT.

Impact:   The system can be crashed by an authorized local user.
Solution:   The vendor has released a patch. See the vendor URL.
Vendor URL:  seer.support.veritas.com/docs/234326.htm
Cause:   Input validation error
Underlying OS:  UNIX (Solaris - SunOS)
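
A detection example for the trigger described above, added here and not part of the SecurityTracker entry or of Veritas's material: it flags recorded command lines (shell history, process accounting, audit records) that run lltstat with '-L', alone or bundled with other single-letter options. The record layout, the sample paths, the wrapper list and the getopt-style option bundling are assumptions.

```python
import os
import shlex

WRAPPERS = {"sudo", "pfexec", "nohup"}  # assumed wrappers; their own options are not parsed
SEPARATORS = set("();<>|&")             # shell operators that end a simple command

def _segments(command_line):
    """Split a shell command line into simple commands (lists of words)."""
    lex = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    try:
        tokens = list(lex)
    except ValueError:                   # unbalanced quotes: fall back to whitespace split
        tokens = command_line.split()
    segment = []
    for tok in tokens:
        if tok and set(tok) <= SEPARATORS:
            if segment:
                yield segment
            segment = []
        else:
            segment.append(tok)
    if segment:
        yield segment

def uses_lltstat_L(command_line):
    """True if any simple command in the line runs lltstat with the '-L' option."""
    for argv in _segments(command_line):
        while argv and os.path.basename(argv[0]) in WRAPPERS:
            argv = argv[1:]
        if not argv or os.path.basename(argv[0]) != "lltstat":
            continue
        for arg in argv[1:]:
            if arg == "--":              # end of options
                break
            # "-L" or a bundle such as "-vL"; lowercase "-l" does not match
            if arg.startswith("-") and not arg.startswith("--") and "L" in arg[1:]:
                return True
    return False

def scan(records):
    """records: iterable of (host, user, command_line); returns the matching records."""
    return [r for r in records if uses_lltstat_L(r[2])]

# Constructed sample records (hosts, users and paths are illustrative)
SAMPLE = [
    ("node1", "root", "/sbin/lltstat -n"),
    ("node1", "oper", "lltstat -L"),
    ("node2", "root", "sudo /sbin/lltstat -vL"),
    ("node2", "root", "lltstat -l"),
    ("node2", "oper", "grep lltstat -L notes.txt"),
    ("node3", "oper", "echo check; /sbin/lltstat -L"),
]
```

On hosts still running the unpatched 1.3.0 Solaris release, a hit from `scan` identifies which account issued the command before a panic.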

Message History:   None.


 Source Message Contents

Subject:  Option to VERITAS Cluster Server (VCS) lltstat command will panic


I had a hell of a time getting through to Veritas, but after I did they
reacted VERY quickly.  I apologize that I didn't get this info out to the
general community sooner, but Veritas didn't tell me that they released
the fix.

In the name of full disclosure:

synopsis:
"When using VERITAS Cluster Server (VCS), version 1.3.0 on Solaris,
issuing the lltstat command  with the unsupported and undocumented '-L'
option will panic that system. The '-L' option was intended to be used
with a new feature in a future release and was inadvertently left enabled
in the released utility. This  problem will not be encountered during
normal usage of VCS or the lltstat command."

full description and fix:
http://seer.support.veritas.com/docs/234326.htm

--
--
Paul Hessels

 
 



Copyright 2017, SecurityGlobal.net LLC