Arbitrary File Read Vulnerability in Symantec Veritas File System on HP-UX and Other Platforms
CVE-2008-4638

Currently unrated

Key Information:

Vendor: Symantec
Status: Veritas File System
Vendor: CVE Published:; 21 October 2008

What is CVE-2008-4638?

The Quick I/O for Database feature in Symantec Veritas File System (VxFS) contains a vulnerability that permits local users to read sensitive files. By exploiting qioadmin, users can manipulate the output to expose file contents through standard error messages, leading to potential information disclosure. This vulnerability affects users operating on HP-UX as well as those using earlier versions of VxFS on Solaris, Linux, and AIX platforms.

References

http://seer.entsupport.symantec.com/docs/310872.htm

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/497675/100/0/threaded

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/46009

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 21, 2008
Vulnerability Reserved
Oct 21, 2008