CVE-2003-1575 — MEDIUM (4.6)

Vulnerability Description

VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem.

CVSS Score

4.6

MEDIUM

AV:L/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Symantec	Vxfs	3.3.3
Sun	Solaris	2.5.1

Related Weaknesses (CWE)

CWE-264

References

http://sunsolve.sun.com/search/document.do?assetkey=1-21-113207-05-1Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200161-1PatchVendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-21-113207-05-1Patch
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200161-1PatchVendor Advisory

FAQ

What is CVE-2003-1575?

CVE-2003-1575 is a vulnerability with a CVSS score of 4.6 (MEDIUM). VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to t...

How severe is CVE-2003-1575?

CVE-2003-1575 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2003-1575?

Check the references section above for vendor advisories and patch information. Affected products include: Symantec Vxfs, Sun Solaris.