Bugtraq mailing list archives
Re: Veritas Volume Manager 3.0.x hole
From: lpreid () VIDEOTRON NET (Louis-Philippe Reid)
Date: Fri, 16 Jun 2000 15:05:18 -0400
-> Fri, 16 Jun 2000 - Dixie Flatline wrote:
-> Veritas Volume Manager 3.0.x for Solaris contains a security hole which can,
-> under specific circumstances, allow local users to gain root access.
-> Workaround & Comments
-> ---------------------
->
-> The trivial workaround: add "umask 022" to /etc/rc2.d/S96vmsa-server
-> before the line that starts the Storage Administrator Server.
->
umask 022
echo "umask 022" > /etc/init.d/umask.sh
for d in /etc/rc?.d
do
    ln /etc/init.d/umask.sh "$d/S00umask.sh"
done
for system-wide protection...
---
_/_/_/ Louis-Philippe Reid -- Administrateur de systemes Unix
_/_/ Ingenierie Telephonie IP - Videotron Communications Inc.
_/ tel: 514-380-7336 -- 2000 Berri, Montreal, QC, CA, H2L 4V7
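
A check for the workaround in the reply above, as an added example that is not part of the original post: it confirms that each rc?.d directory has an S00umask.sh that sorts before every other start script, sets umask 022 and is not group- or world-writable. It assumes the rc shell runs S* scripts in glob order and sources files named *.sh; check_rc_umask, demo and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the S00umask.sh workaround.
# Assumption: rc runs S* scripts in glob order and sources those named *.sh.

# check_rc_umask ROOT: one status line per ROOT/etc/rc?.d; returns 0 only if all are OK.
check_rc_umask() {
    root=${1:-}
    fail=0
    for d in "$root"/etc/rc?.d; do
        [ -d "$d" ] || continue
        f=$d/S00umask.sh
        if [ ! -f "$f" ]; then
            echo "MISSING $d"; fail=1; continue
        fi
        # A start script that sorts earlier still runs with the inherited umask.
        first=$(ls "$d" | grep '^S' | LC_ALL=C sort | head -1)
        if [ "$first" != "S00umask.sh" ]; then
            echo "NOTFIRST $d ($first runs earlier)"; fail=1; continue
        fi
        # The last umask statement in the file is the one left in effect.
        mask=$(sed -n 's/^[[:space:]]*umask[[:space:]]\{1,\}\([0-7]\{1,4\}\).*/\1/p' "$f" | tail -1)
        case $mask in
            022|0022) ;;
            *) echo "WEAKMASK $d (${mask:-none})"; fail=1; continue ;;
        esac
        # The file is sourced by root's rc shell, so only its owner may be able to edit it.
        if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $d"; fail=1; continue
        fi
        echo "OK $d"
    done
    return $fail
}

# Constructed sample tree (not a real system): rc2.d is correct, rc3.d has an
# earlier-sorting start script, rcS.d lacks the link.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/init.d" "$t/etc/rc2.d" "$t/etc/rc3.d" "$t/etc/rcS.d"
    (umask 022; echo "umask 022" > "$t/etc/init.d/umask.sh")
    ln "$t/etc/init.d/umask.sh" "$t/etc/rc2.d/S00umask.sh"
    ln "$t/etc/init.d/umask.sh" "$t/etc/rc3.d/S00umask.sh"
    : > "$t/etc/rc2.d/S96vmsa-server"
    : > "$t/etc/rc3.d/S00aaa"
    check_rc_umask "$t"
    rm -rf "$t"
}
demo || true
```

Calling check_rc_umask with no argument audits the live /etc tree.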
