Bugtraq mailing list archives
Re: Veritas Volume Manager 3.0.x hole
From: lpreid () VIDEOTRON NET (Louis-Philippe Reid)
Date: Fri, 16 Jun 2000 15:05:18 -0400
-> Fri, 16 Jun 2000 - Dixie Flatline ecrivait: -> Veritas Volume Manager 3.0.x for Solaris contains a security hole which can, -> under specific circumstances, allow local users to gain root access. -> Workaround & Comments -> --------------------- -> -> The trivial workaround: add "umask 022" to /etc/rc2.d/S96vmsa-server -> before the line that starts the Storage Administrator Server. -> umask 022 echo "umask 022" > /etc/init.d/umask.sh for d in /etc/rc?.d do ln /etc/init.d/umask.sh $d/S00umask.sh done for a system-wide protection... --- _/_/_/ Louis-Philippe Reid -- Administrateur de systemes Unix _/_/ Ingenierie Telephonie IP - Videotron Communications Inc. _/ tel: 514-380-7336 -- 2000 Berri, Montreal, QC, CA, H2L 4V7
Current thread:
- Ethics ?? : Re: local root on linux 2.2.15, (continued)
- Ethics ?? : Re: local root on linux 2.2.15 Gerrie (Jun 10)
- CONECTIVA LINUX SECURITY ANNOUNCEMENT - OPENSSH Andreas Hasenack (Jun 10)
- Trustix Security Advisory Oystein Viggen (Jun 09)
- Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC Tom Yu (Jun 09)
- Remote DOS in linux rpc.lockd mmurray () FSCINTERNET COM (Jun 08)
- Re: Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC Mike Friedman (Jun 09)
- Re: Sendmail 8.10.2, Linux 2.4.0 - capabilities Antonio Galea (Jun 15)
- Re: Sendmail 8.10.2, Linux 2.4.0 - capabilities Lionel Cons (Jun 16)
- Call For Participation - Raid 2000 Herve Debar (Jun 16)
- Veritas Volume Manager 3.0.x hole Dixie Flatline (Jun 16)
- Re: Veritas Volume Manager 3.0.x hole Louis-Philippe Reid (Jun 16)
- Perl Crypt::CBC concern Darryl Miles (Jun 17)
- Re: Veritas Volume Manager 3.0.x hole Doug Hughes (Jun 18)
- Re: Sendmail 8.10.2, Linux 2.4.0 - capabilities Solar Designer (Jun 17)