When product is configured in non-secure mode there is a command injection vulnerability in the availability component of Veritas InfoScale that allows an attacker to execute arbitrary commands as root/administrator.
A fix for this issue is available for the Access versions installed on RHEL 7 Operating system. To obtain this fix please contact Veritas Technical Support and quote this article ID.
Follow below steps on all the nodes of ACCESS:
- Download and extract the tar file from https://sort.veritas.com/public/infoscale/access/Infoscale_Security_Patch.tar
tar -xvf Infoscale_Security_Patch.tar
- Give execute permission to both the scripts in Infoscale_Security_Patch directory as follows:
chmod +x install.sh
chmod +x uninstall.sh
- Execute install.sh script
- If ADD node operation is performed, follow above mentioned steps on newly added node as well.
- If you have applied this fix on some ACCESS version and wants to do rolling upgrade to some higher ACCESS version, follow below steps:
- Execute uninstall.sh script
- Upgrade the Access Software version
- Execute install.sh script again on upgraded ACCESS software version
Was this content helpful?
Rating submitted. Please provide additional feedback (optional):