Veritas Volume Manager 3.0.x File Permission Vulnerability

Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

The vendor indicates that the problem has been remedied in beta versions of Volume Manager 3.1. The post to Bugtraq indicates that Veritas gave no indication that they would be releasing patches for previous versions.

This vulnerability can be fixed by editing the /etc/rc2.d/S96vmsa-server file, and adding the line:
umask 022
prior to the invocation of the Storage Administrator server. The best place to add this is the beginning of the script.
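
One way to apply and verify this workaround idempotently, as an added example that is not part of the original advisory or of the vendor's script. The function names are hypothetical, a POSIX-style awk is assumed, and the default path is the one given above.

```shell
#!/bin/sh
# Added example: make sure an init script sets "umask 022" before it starts
# anything. Function names are hypothetical; the default path is the script
# named in the advisory text.

RC_SCRIPT_DEFAULT=/etc/rc2.d/S96vmsa-server

# Succeeds only if the first real command (ignoring comments and blank
# lines) in the script is "umask 022".
has_umask_first() {
    awk '
        /^[ \t]*(#|$)/ { next }
        { ok = ($1 == "umask" && $2 == "022"); exit }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# Insert "umask 022" directly after the #! line (or at the very top when
# there is none). Does nothing if the script is already fixed.
ensure_umask() {
    f=${1:-$RC_SCRIPT_DEFAULT}
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 2; }
    has_umask_first "$f" && return 0
    tmp="$f.new.$$"
    awk '
        NR == 1 && /^#!/ { print; print "umask 022"; next }
        NR == 1          { print "umask 022" }
        { print }
        END { if (NR == 0) print "umask 022" }
    ' "$f" > "$tmp" || { rm -f "$tmp"; return 1; }
    cp -p "$f" "$f.orig" &&    # backup that keeps the original mode and times
    cat "$tmp" > "$f" &&       # overwrite in place: owner, mode and links are kept
    rm -f "$tmp"
}

# Usage, as root:  ensure_umask && has_umask_first "$RC_SCRIPT_DEFAULT"
```

The change takes effect the next time the script starts the server; files the server already created with loose permissions are not corrected by it.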



 
