SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Veritas Bare Metal Restore Vendors:   Veritas
VERITAS Bare Metal Restore for Tivoli Storage Manager Has Unspecified Flaw That Yields Root Privileges to Remote Users
SecurityTracker Alert ID:  1006172
SecurityTracker URL:  http://securitytracker.com/id/1006172
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 26 2003
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.1.0, 3.1.1, 3.2.0, 3.2.1
Description:   A vulnerability was reported in the UNIX versions of VERITAS Bare Metal Restore for Tivoli Storage Manager. A remote user can gain root access on the system.

VERITAS issued several TechNotes warning that a remote user can execute arbitrary code on the BMR Main Server with the privileges of the administrator account (root) to gain root access on the system.

The cause of the vulnerability was not disclosed.

No further details were provided.

Impact:   A remote user can execute arbitrary code on the server with root privileges.
Solution:   VERITAS has reportedly prepared a BMR Maintenance Pack (MP) #4 (patch3.2.1-004) to correct the problem, available at:

http://seer.support.veritas.com/docs/254666.htm

Vendor URL:  support.veritas.com/docs/252933 (Links to External Site)
Cause:   Not specified
Underlying OS Comments:  AIX 4.2.1, 4.3, 4.3.1, 4.3.2, 4.3.3, 5.1; HP-UX 10.2, 11.0, 11.11; Solaris 2.6, 7, 8

Message History:   None.


 Source Message Contents

Subject:  VERITAS Bare Metal Restore vulnerability


http://support.veritas.com/docs/252933

VERITAS issued several TechNotes warning of a security vulnerability in VERITAS Bare Metal Restore
for Tivoli Storage Manager (UNIX).   A remote user can execute arbitrary code on the BMR Main Server
with the privileges of the administrator account (root) to gain root access on the system.

TechNote ID:  252933

VERITAS has reportedly prepared a BMR Maintenance Pack (MP) #4 (patch3.2.1-004) to correct the
problem, available at:

http://seer.support.veritas.com/docs/254666.htm


-----

Products:  Bare Metal Restore for TSM    3.1.0, 3.1.1, 3.2.0, 3.2.1

Subject: Application - Informational
Application - Notification

Languages: English

Operating Systems:

AIX    4.2.1, 4.3, 4.3.1, 4.3.2, 4.3.3, 5.1
HP-UX    10.2, 11.0, 11.11
Solaris    2.6, 7, 8


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC