SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   PC NetLink Vendors:   Sun
(Vendor Issues Fix) Sun Solaris PC NetLink Software May Not Retain Access Control List Permissions When Restored After a Backup
SecurityTracker Alert ID:  1008355
SecurityTracker URL:  http://securitytracker.com/id/1008355
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Dec 2 2003
Impact:   Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.x
Description:   A vulnerability has been reported in Sun's PC NetLink. The access control list permissions may be lost after a backup has been restored.

According to the report, backing up and subsequently restoring PC NetLink shared files or directories may result in the PC NetLink access control list (ACL) information being lost and the default permissions being applied.

Sun reports that only backup products that support the handling of PC Netlink ACLs on the server will cause this problem. This includes VERITAS NetBackup, Legato NetWorker Server, Client, and Storage Node software, and Solstice Backup. Backup software that accesses files and directories through the PC Netlink shares (such as backup software running on PC Clients or PC Servers) reportedly does not cause the problem.

The vulnerability only affects UNIX files and directories within a PC Netlink share that meet the following conditions:

* are a symbolic link, or
* reside one or more levels below a symbolically linked directory, or
* reside on a share that itself is a symbolically linked directory.

Impact:   The system may delete access control list permissions and instead apply the default permissions after an administrator has performed a backup restoration.
Solution:   Sun has issued a fixed version (2.x), available at:

http://www.sun.com/solutions/interoperability/netlink/

Vendor URL:  sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert%2F27807 (Links to External Site)
Cause:   State error
Underlying OS:  UNIX (Solaris - SunOS)

Message History:   This archive entry is a follow-up to the message listed below.
Jul 19 2002 Sun Solaris PC NetLink Software May Not Retain Access Control List Permissions When Restored After a Backup



 Source Message Contents

Subject:  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F27807


http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F27807

The vendor has issued a fixed version:

PC Netlink 2.x (available at http://www.sun.com/solutions/interoperability/netlink/).

-----

Sun Alert ID: 27807
Synopsis: PC Netlink's Access Control List Permissions May be Lost After Restore of a Backup
Category: Security, Data Loss
Product: PC Netlink
BugIDs: None
Avoidance: Upgrade, Workaround
State: Resolved
Date Released: 07-Sep-2001
Date Closed: 01-Dec-2003
Date Modified: 01-Dec-2003



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC