[15395] in bugtraq
Re: Veritas Volume Manager 3.0.x hole
daemon@ATHENA.MIT.EDU (Louis-Philippe Reid)
Tue Jun 20 13:18:00 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000616150518.A27116@modemcable254.3-113-216.mtl.mc.>
Date: Fri, 16 Jun 2000 15:05:18 -0400
Reply-To: Louis-Philippe Reid <lpreid@VIDEOTRON.NET>
From: Louis-Philippe Reid <lpreid@VIDEOTRON.NET>
X-To: Dixie Flatline <echo8@WHIP.TWISTEDPAIR.CA>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.20.0006161311110.24059-100000@whip.twistedpair.ca>;
from echo8@WHIP.TWISTEDPAIR.CA on Fri, Jun 16,
2000 at 01:13:14PM -0300
-> Fri, 16 Jun 2000 - Dixie Flatline wrote:
-> Veritas Volume Manager 3.0.x for Solaris contains a security hole which can,
-> under specific circumstances, allow local users to gain root access.
-> Workaround & Comments
-> ---------------------
->
-> The trivial workaround: add "umask 022" to /etc/rc2.d/S96vmsa-server
-> before the line that starts the Storage Administrator Server.
->
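# Set the umask in the current shell
umask 022
# Create a script that sets the same umask
echo "umask 022" > /etc/init.d/umask.sh
# Hard-link it as the first start script in every run-level directory
for d in /etc/rc?.d
do
    ln /etc/init.d/umask.sh "$d/S00umask.sh"
done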
for a system-wide protection...
---
_/_/_/ Louis-Philippe Reid -- Unix Systems Administrator
_/_/ IP Telephony Engineering - Videotron Communications Inc.
_/ tel: 514-380-7336 -- 2000 Berri, Montreal, QC, CA, H2L 4V7
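
Added example (not part of the original message or of any Veritas or Solaris tooling): a POSIX shell check that reports run-level directories where the S00umask.sh link from the workaround above is missing or no longer sets umask 022. The root argument, the function names and the sample tree are assumptions made for illustration; the workaround only takes effect if the rc scripts source S*.sh files in their own shell, which is assumed here.

```sh
#!/bin/sh
# Added example: audit the S00umask.sh workaround described in the message.
# The optional root argument is hypothetical; it lets the check run against
# a copy of a file system instead of the live one.

# Succeeds if FILE contains a line that sets the umask to 022.
sets_umask_022() {
    grep -Eq '^[[:space:]]*umask[[:space:]]+0?22[[:space:]]*$' "$1" 2>/dev/null
}

# Print every rc?.d directory under ROOT that lacks a usable S00umask.sh.
# Returns 0 when every run-level directory is covered, 1 otherwise.
audit_umask_links() {
    root=${1:-}
    missing=0
    for d in "$root"/etc/rc?.d; do
        [ -d "$d" ] || continue          # glob matched nothing
        if ! sets_umask_022 "$d/S00umask.sh"; then
            echo "$d"
            missing=1
        fi
    done
    return $missing
}

# Constructed sample tree: rc2.d carries the hard link, rc3.d does not.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/init.d" "$t/etc/rc2.d" "$t/etc/rc3.d"
    echo "umask 022" > "$t/etc/init.d/umask.sh"
    ln "$t/etc/init.d/umask.sh" "$t/etc/rc2.d/S00umask.sh"
    echo "$t"
}
```

Calling audit_umask_links with no argument checks the live /etc/rc?.d directories. Because the workaround uses hard links, an edit to /etc/init.d/umask.sh changes every run level at once, which the check also picks up.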