Article

'Serious' vulnerability in Veritas server

Bill Brenner

Veritas Software recommends users of its Cluster Server apply newly-available patches to plug a "serious" security hole an attacker could use to launch malicious code with root privileges.

"The potential for a serious system security breach has been found to exist in Veritas Cluster Server for Solaris, HP-UX, AIX, and Linux," the Mountain View, Calif.-based company said in an

    Requires Free Membership to View

advisory. "This issue does not exist on any version [of the server] for Windows."

The company said the patches address the problem for Solaris, HP-UX, AIX, and Linux versions and that if users of Cluster Server 4.0 on Solaris have already applied MP1, the issue is already resolved.

"It is highly recommended that all installations of Cluster Server be updated to include the fix for this potential security issue because root access can be achieved by unauthorized users," Veritas said.

Veritas said users should take the following steps to apply the patch:

  • Find the appropriate Unix platform and version in the advisory list;
  • Verify that you have the appropriate version of Cluster Server installed on which to apply the patch;
  • Open and read the listed tech file for your platform; and
  • Download the patch directly from that tech file.

Futher technical details are offered in the advisory.

Copenhagen, Denmark-based security firm Secunia said the vulnerability is "highly critical." Asked how much of a crossover impact the vulnerability could have, Secunia CTO Thomas Kristensen said by e-mail, "Our rating is solely based on an assessment of a single installation, not how widely used the product is. Unfortunately, Veritas hasn't published a lot of details."

Because of the potential for a security breach, Veritas said it is keeping most of those details under lock and key.

Kristensen said he's not aware of any workarounds to the problem. "I would recommend installing the patch rather than attempting to apply a workaround," he said.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: