SecurityTracker.com

Category:   Application (Generic)  >   Veritas Cluster Server
Vendors:   Veritas
VERITAS Cluster Server Has an Unspecified Hole That Lets Remote Users Gain Root Level Access
SecurityTracker Alert ID:  1005204
SecurityTracker URL:  http://securitytracker.com/id/1005204
CVE Reference:   CVE-2002-1817
Updated:  Jun 3 2008
Original Entry Date:  Sep 9 2002
Impact:   Root access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in VERITAS Cluster Server (VCS). A remote user may be able to gain root level access on the system.

VERITAS reported that, under certain circumstances, a remote user may be able to gain unauthorized root access to the VCS cluster.

No further details were provided.

Impact:   A remote user may be able to gain root level access.
Solution:   The vendor has issued fixed versions: 1.3.0+patch03 (Solaris), 1.3.1+patch03 (HP-UX) and 1.2.1 (WinNT). VERITAS Software highly recommends that all administrators of a VCS cluster upgrade to these versions or greater immediately.

For additional information and instructions on how to upgrade to the above versions, see TechNote 238143:

http://seer.support.veritas.com/docs/238143.htm

Vendor URL:  seer.support.veritas.com/docs/238143.htm
Cause:   Not specified
Underlying OS:  UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT)

Message History:   None.


 Source Message Contents

Subject:  Veritas bug


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A security flaw in VERITAS Cluster Server (VCS) allows for potential
"unauthorized" root access.

TechAlert ID:  238479 Last Updated:  September 04 2001 06:42 PM GMT

Caution!  The information in this TechAlert is based upon certain
assumptions, including product, operating system and platform versions.
You can review this information in the TechAlert Summary portion of this
document.

This document (238479) is provided subject to the disclaimer at the end
of this document.


- --------------------------------------------------------------------------------


Abstract:

A security flaw in VERITAS Cluster Server (VCS) allows for potential
"unauthorized" root access.


Detail:

Dear Valued VERITAS Customer,

VERITAS Technical Support has recently discovered a serious security
flaw with VERITAS Cluster Server (VCS), prior to versions 1.3.0+patch03
(Solaris), 1.3.1+patch03 (HP-UX) and 1.2.1 (WinNT).  This TechAlert is
to inform you of the circumstances and/or conditions under which this
problem could occur and to provide the remedy for it.  This alert was
generated because product quality and customer responsiveness are
consistent VERITAS Software hallmarks and any issue that could
potentially affect your data is viewed as extremely serious.

THE ISSUE:  A serious security flaw with VCS has been discovered which,
under certain circumstances, can allow unauthorized root access.

This issue has been fully resolved in versions 1.3.0+patch03 (Solaris),
1.3.1+patch03 (HP-UX) and 1.2.1 (WinNT).  VERITAS Software therefore
highly recommends that all administrators of a VCS cluster upgrade to
these versions or greater immediately.

For additional information and instructions on how to upgrade to the above
versions, please click on the link below to view TechNote 238143:

http://seer.support.veritas.com/docs/238143.htm

Sincerely,
VERITAS Software
Technical Support



Related Documents:

238143:  http://seer.support.veritas.com/docs/238143.htm A security flaw
in VERITAS Cluster Server (VCS) has been discovered which allows for
potential unauthorized root access.





- --------------------------------------------------------------------------------
TechAlert Summary:

TechAlert Title:  A security flaw in VERITAS Cluster Server (VCS) allows
                 for potential "unauthorized" root access.

TechAlert ID: 238479

Last Updated: September 04 2001 06:42 PM GMT

The information in this TechAlert applies to:

Products:
Cluster File System    3.4
Cluster Server for UNIX    1.3.0, 1.3.1
Cluster Server for Windows NT    1.2
SANPoint FS HA    3.4

Subject:
Cluster File System - Application - Alert
Cluster File System - Application - Client Support
Cluster File System - Application - Patches
Cluster File System - Application - Upgrade
Cluster File System - Publishing Status - Techalert
Cluster Server for UNIX - Application - Alert
Cluster Server for UNIX - Application - Client Support
Cluster Server for UNIX - Application - Patches
Cluster Server for UNIX - Application - Upgrade
Cluster Server for UNIX - Publishing Status - Techalert
Cluster Server for Windows NT - Application - Alert
Cluster Server for Windows NT - Environment - Alert
Cluster Server for Windows NT - Publishing Status - Techalert
SANPoint FS HA - Application - Alert
SANPoint FS HA - Application - Client Support
SANPoint FS HA - Application - Patches
SANPoint FS HA - Application - Upgrade
SANPoint FS HA - Publishing Status - Techalert

Languages: English

Operating Systems: HP-UX    11.0
Solaris    2.5.1, 2.6, 7, 8
Windows NT    4.0 Serv SP5, 4.0 Serv SP6a
Windows NT Small Business Server    4.0


- --------------------------------------------------------------------------------


VERITAS Software, 1600 Plymouth Street, Mountain View, California 94043
World Wide Web:  http://www.veritas.com

Tech Support Web:  http://support.veritas.com

E-Mail Support:  http://seer.support.veritas.com/email_forms

FTP:  ftp://ftp.support.veritas.com or http://ftp.support.veritas.com



THE INFORMATION PROVIDED IN THE VERITAS SOFTWARE KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.  VERITAS SOFTWARE
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  IN
NO EVENT SHALL VERITAS SOFTWARE OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
VERITAS SOFTWARE OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY
OF SUCH DAMAGES.  SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION
OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBPXyYXcXrSKQHhgFwEQIwfACgkLC9icjgczKuPkrHPYRX5PwyzXgAn33x
/bNCCQt6k9J0jk1PfwfIHa4D
=BOO2
-----END PGP SIGNATURE-----


 
 



Copyright 2019, SecurityGlobal.net LLC