VERITAS Cluster Server on Solaris lltstat -L DoS

2001-03-02T00:00:00
ID OSVDB:6025
Type osvdb
Reporter Paul Hessels(paul@hessels.ca)
Modified 2001-03-02T00:00:00

Description

Vulnerability Description

VERITAS Cluster Server (VCS) on Solaris contains a flaw that may allow a local denial of service. The '-L' option in lltstat command was undocumented and intended to be used with a new feature in a future release, but was inadvertently left enabled in the released version. This flaw allows a local attacker to cause a system panic by issusing the lltstat command with '-L' option, and will result in loss of availability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Veritas has released a patch to address this vulnerability.

Short Description

VERITAS Cluster Server (VCS) on Solaris contains a flaw that may allow a local denial of service. The '-L' option in lltstat command was undocumented and intended to be used with a new feature in a future release, but was inadvertently left enabled in the released version. This flaw allows a local attacker to cause a system panic by issusing the lltstat command with '-L' option, and will result in loss of availability.

References:

Vendor Specific Advisory URL Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-02/0528.html ISS X-Force ID: 6499 CVE-2001-0287