Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Security App Flaws :: va1625.htm

Symantec Veritas Storage Foundation Arbitrary File Read Vulnerability
SECOBJADV-2008-05: Symantec Veritas Storage Foundation Arbitrary File Read Vulnerability
SECOBJADV-2008-05: Symantec Veritas Storage Foundation Arbitrary File Read Vulnerability

======================================================================         Security Objectives Advisory (SECOBJADV-2008-05)           =====================================================================
Veritas Storage Foundation Arbitrary File Read Vulnerability 

AFFECTED: Veritas Storage Foundation 5.0

PLATFORM: Solaris, Linux, AIX, HP-UX

CLASSIFICATION: Improper Ownership Management (CWE-282)

RESEARCHER: Derek Callaway

IMPACT: Arbitrary File Read



REFERENCES: CVE-2008-4638, SYM08-018, BID 31679


Veritas Storage Foundation 5.0 from Symantec provides a complete 
solution for heterogeneous online storage management. Based on the 
industry-leading Veritas Volume Manager and Veritas File System, it 
provides a standard set of integrated tools to centrally manage 
explosive data growth, maximize storage hardware investments, provide 
data protection and adapt to changing business requirements.


VxFS is an extent based, journaling filesystem. It implements a
"Quick I/O for Databases" feature; qioadmin is the setuid root
administration utility for this functionality. When given an arbitrary
filename, it will write the file's contents to the standard error stream.


qioadmin will write arbitrary files (including /etc/shadow) to stderr. 
Each line will be prepended with a custom error message followed by file
contents. Clearly, this can lead to privilege escalation by cracking the 
password ciphertext for the "superuser" or root account.


Remove the set-uid bit from the qioadmin binary.

chmod u-s /opt/VRTS/bin/qioadmin


Symantec included a fix for this problem in the recent maintenance 
release Veritas Software File System 5.0 MP3.


11-Aug-2008 Discovery of Vulnerability
18-Aug-2008 Developed Proof-of-Concept
21-Aug-2008 Reported to Vendor
20-Oct-2008 Maintenance Release
22-Oct-2008 Published Advisory


Security Objectives is a security centric consultancy and software development 
corporation which operates in the area of application assurance software. 
Security Objectives employs methods that are centered on software 
comprehension, therefore a more in-depth contextual understanding of the 
application is developed. 


Permission is granted for electronic distribution of this advisory.
It may not be edited without the written consent of Security Objectives.

The information contained in this advisory is believed to be accurate based on 
currently available information and is provided "as is" without warranty of 
any kind, either expressed or implied, including, but not limited to, the 
implied warranties of merchantability and fitness for a particular purpose. 
The entire risk as to the quality and performance of the information is with 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH