Note: This is an archival copy of Security Sun Alert 200161 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000116.1.
Date of Resolved Release
A local unprivileged user may be able to gain additional access privileges to VERITAS File System (VxFS) files due to incorrect permissions being set when Access Control Lists (ACLs) are being utilized.
This issue can occur in the following releases:
Note: VxFS 3.5 (for Solaris 2.6) is not supported. Affected customers using VxFS 3.5 on Solaris 2.6 should contact VERITAS and reference VERITAS incident #113367.
The ACL permissions are not set consistently when new files are created. The result is that the permissions for some new files may be more open than intended.
There is no workaround. Please see the "Resolution" section below.
This issue is addressed in the following releases:
Note: VxFS 3.3.3 will require an upgrade.
Veritas File System 3.5 Software
This solution has no attachment