Credit:
The information has been provided by Security Objectives Corporation.
The original article can be found at: http://www.security-objectives.com/advisories/SECOBJSADV-2008-05.txt
Vulnerable Systems:
* Veritas Storage Foundation 5.0
Immune Systems:
* Veritas Software File System version 5.0 MP3
The set-uid qioadmin binary will write the contents of arbitrary files (including /etc/shadow) to stderr: each line of the file is emitted prepended with a custom error message. This can lead to privilege escalation, since an unprivileged user can read the password hash of the root ("superuser") account and crack it offline.
Workaround:
Remove the set-uid bit from the qioadmin binary.
chmod u-s /opt/VRTS/bin/qioadmin
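The workaround above is a one-line chmod. As an added example (not part of the advisory or of the Veritas product), the script below wraps that step in an audit-then-remediate-then-verify routine: it checks whether a binary carries the set-uid bit (POSIX test -u), strips it, and confirms the bit is gone. The demo at the bottom runs against a constructed temporary file so it works on any host; on an affected system the same function would be called with /opt/VRTS/bin/qioadmin.

```shell
#!/bin/sh
# Added example, not vendor code. Audits a file for the set-uid bit,
# removes it, and verifies the result. Assumes only POSIX sh utilities
# (test, chmod, mktemp).

# has_setuid PATH: 0 if the set-uid bit is set, 1 if not, 2 if PATH is missing.
has_setuid() {
    [ -e "$1" ] || return 2
    [ -u "$1" ]          # POSIX test -u: true when the set-uid bit is set
}

# strip_setuid PATH: idempotently remove the set-uid bit and verify.
# Returns 0 on success (bit absent afterwards), 1 on failure, 2 if missing.
strip_setuid() {
    has_setuid "$1"
    rc=$?
    if [ "$rc" -eq 2 ]; then
        echo "$1: not found" >&2
        return 2
    fi
    if [ "$rc" -eq 0 ]; then
        chmod u-s "$1" || return 1
        echo "$1: set-uid bit removed"
    else
        echo "$1: set-uid bit not set (nothing to do)"
    fi
    # Re-check so a failed chmod (e.g. read-only filesystem) is not reported as fixed.
    if has_setuid "$1"; then
        echo "$1: set-uid bit still present" >&2
        return 1
    fi
    return 0
}

# demo: exercise the routine on a constructed temporary file rather than the
# real /opt/VRTS/bin/qioadmin, so this runs safely on any machine.
demo() {
    tmp=$(mktemp) || return 1
    chmod u+s "$tmp" || { rm -f "$tmp"; return 1; }
    if has_setuid "$tmp"; then
        echo "before: set-uid present on $tmp"
    fi
    strip_setuid "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

demo
```

On a real deployment you would call `strip_setuid /opt/VRTS/bin/qioadmin` as root; the second check after chmod is what distinguishes a genuinely remediated binary from one on a read-only or otherwise unwritable filesystem. Note that the vendor fix in 5.0 MP3 is the proper remediation; stripping set-uid removes the privilege the bug abuses but also any legitimate functionality that depended on it.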
Vendor response:
Symantec included a fix for this problem in the recent maintenance release Veritas Software File System 5.0 MP3.
Disclosure timeline:
11-Aug-2008 Discovery of Vulnerability
18-Aug-2008 Developed Proof-of-Concept
21-Aug-2008 Reported to Vendor
20-Oct-2008 Maintenance Release
22-Oct-2008 Published Advisory
CVE Information:
CVE-2008-4638