Description
VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem.
References (2)
Core 2
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200161-1
Patch x_refsource_confirm
http://sunsolve.sun.com/search/document.do?assetkey=1-21-113207-05-1
Scores
EPSS
0.0005
EPSS Percentile
15.8%
Details
CWE
CWE-264
Status
published
Products (3)
symantec/vxfs
3.3.3
symantec/vxfs
3.4
symantec/vxfs
3.5
Published
Jan 28, 2010
Tracked Since
Feb 18, 2026