Info

Disclosure

Mar 02, 2001

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

VERITAS Cluster Server (VCS) on Solaris contains a flaw that may allow a local denial of service. The '-L' option in lltstat command was undocumented and intended to be used with a new feature in a future release, but was inadvertently left enabled in the released version. This flaw allows a local attacker to cause a system panic by issusing the lltstat command with '-L' option, and will result in loss of availability.

Classification

Location: Local Access Required
Attack Type: Denial of Service, Misconfiguration
Impact: Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Veritas has released a patch to address this vulnerability.

Products

Veritas

Cluster Server

1.3.0

References

CVE ID: 2001-0287 (see also: NVD)
ISS X-Force ID: 6499
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-02/0528.html
Vendor Specific Advisory URL: http://seer.support.veritas.com/docs/234326.htm

Credit

Paul Hessels - paulhessels.ca -

Direct URL: http://osvdb.org/36218