Information Disclosure in Symantec Veritas File System on Multiple Platforms
CVE-2008-3248

Currently unrated

Key Information:

Vendor: Symantec
Status: Veritas File System
Vendor: CVE Published:; 21 October 2008

Summary

The qiomkfile utility in the Quick I/O for Database feature of the Symantec Veritas File System (VxFS) fails to initialize filesystem blocks during file creation. This oversight permits local users to exploit the vulnerability by creating and subsequently reading files, which can lead to unauthorized access to sensitive information stored in uninitialized blocks. The flaw is present in various versions of VxFS across HP-UX, Solaris, Linux, and AIX platforms, increasing the risk for data breaches.

References

http://secunia.com/advisories/32332

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id?1021074

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/31678

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Oct 21, 2008
Vulnerability Reserved
Jul 21, 2008