Note: This is an archival copy of Security Sun Alert 201341 as previously published on http://sunsolve.sun.com.|
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001015.1.
Sun Cluster 3.1
Date of Resolved Release
A Security Vulnerability in the Sun Cluster Global File System (see below for details)
On a Sun Cluster File System, one or both of the following issues may occur:
1. An unprivileged local user may be able to read data from deleted files owned by other users.
2. Data integrity issues may occur on certain applications.
2. Contributing Factors
These issues can occur in the following releases:
Note: Sun Cluster 3.0 is not vulnerable to this issue.
The described issues only occur on global filesystems mounted on top of ufs filesystems. These issues have not been seen on global filesystems mounted on top of vxfs filesystems.
There are no reliable symptoms that would indicate issue 1 described above has been exploited.
If issue 2 described above occurs, files in global filesystems may contain garbage data. This may cause unpredictable results following file read operations.
There is no workaround. Please see the "Resolution" section below.
This issue is addressed in the following releases:
Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.
This solution has no attachment