Security fix for VERITAS Cluster Server 3.5 (all versions) on Solaris - Symantec Security Advisory SYM05-023

Article:TECH44572  |  Created: 2005-01-28  |  Updated: 2005-01-16  |  Article URL http://www.symantec.com/docs/TECH44572
Article Type
Technical Solution

Product(s)

Issue



Security fix for VERITAS Cluster Server 3.5 (all versions) on Solaris - Symantec Security Advisory SYM05-023

Solution



This patch resolves a buffer overflow vulnerability in VERITAS Cluster Server 3.5 for Solaris.
This patch can be applied to 3.5 MP4 (VERITAS Cluster Server 3.5 patch level 5) only. All other 3.5 versions must first be upgraded to 3.5 MP4 before applying this patch:      http://support.veritas.com/docs/278582
All versions of VERITAS Cluster Server 3.5 on Solaris are affected and should be upgraded to MP4 and this patch applied. For further information on this vulnerability, refer to  http://support.veritas.com/docs/279870 which also contains links to patches for other platforms and versions.
This patch also contains a number of fixes for incidents not related to security (see below).
Refer to the information included in the patch file for installation instructions


Supplemental Materials

SourceETrack
Value284786
DescriptionWhen server returns ECONREFUSED, commands running on localhost should retry before exit.

SourceETrack
Value312812
DescriptionModify halog for UTF8 encoding.

SourceETrack
Value322217
DescriptionRemoved unnecessary 'sync' call from hacf.

SourceETrack
Value368367
DescriptionModify ha commands to show output when debug log tag is set.

SourceETrack
Value426545
DescriptionAdd engine check for username password length.

SourceETrack
Value426548
DescriptionPackaging changes to remove root suid in some binaries.


Legacy ID



279917


Article URL http://www.symantec.com/docs/TECH44572


Terms of use for this information are found in Legal Notices