Hitachi Multiple Hibun Product PCMCIA Data Miscontrol Issue

2005-06-30T12:16:11
ID OSVDB:17674
Type osvdb
Reporter OSVDB
Modified 2005-06-30T12:16:11

Description

Vulnerability Description

The Hitachi Hibun Advanced Edition Server and Advanced Information Cypher products contain a flaw that may allow a malicious user to bypass access restrictions. The issue is triggered by an error that causes Hibun to recognize an external drive, that is connected to a computer through PCMCIA, as an internal disk and is unable to restrict files that are copied out to the hard disk. It is possible that the flaw may allow a local attacker to obtain sensitive information resulting in a loss of confidentiality.

Solution Description

Upgrade to version 07-50-/C for Hibun Advanced Edition Server (versions 07-50 through 07-50-/B) and to version 07-50-/C for Hibun Advanced Edition Information Cypher (versions 07-50 through 07-50-/B), as it has been reported to fix this vulnerability. Updates are reportedly being scheduled for the other versions.

An upgrade is required as there are no known workarounds.

Short Description

The Hitachi Hibun Advanced Edition Server and Advanced Information Cypher products contain a flaw that may allow a malicious user to bypass access restrictions. The issue is triggered by an error that causes Hibun to recognize an external drive, that is connected to a computer through PCMCIA, as an internal disk and is unable to restrict files that are copied out to the hard disk. It is possible that the flaw may allow a local attacker to obtain sensitive information resulting in a loss of confidentiality.

References:

Vendor Specific Solution URL: http://www.hitachi-support.com/security_e/vuls_e/HS05-011_e/01-e.html Vendor Specific Advisory URL Secunia Advisory ID:15863 Related OSVDB ID: 17673 Keyword: HS05-011-01 Bugtraq ID: 14114