Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3248

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2008-3248
Last Modified 29 Oct 2012 11:13:58
Published 21 Oct 2008 02:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-3248

Summary

qiomkfile in the Quick I/O for Database feature in Symantec Veritas File System (VxFS) on HP-UX, and before 5.0 MP3 on Solaris, Linux, and AIX, does not initialize filesystem blocks during creation of a file, which allows local users to obtain sensitive information by creating and then reading files.

Vulnerable Systems

Application

  • Symantec Veritas File System 5.0

  • Symantec Veritas File System Unknown


References

CONFIRM - http://www.symantec.com/avcenter/security/Content/2008.10.20.html

CONFIRM - http://seer.entsupport.symantec.com/docs/310872.htm

XF - symantec-vxfs-qiomkfile-info-disclosure(46008)

VUPEN - ADV-2008-2875

SECTRACK - 1021074

BID - 31678

BUGTRAQ - 20081021 SECOBJADV-2008-04: Symantec Veritas Storage Foundation Memory Disclosure Vulnerability

MISC - http://www.security-objectives.com/advisories/SECOBJSADV-2008-04.txt

MISC - http://www.security-objectives.com/advisories/SECOBJADV-2008-04.txt

SECUNIA - 32332


Last Updated: 27 May 2016 10:49:43