Problem
When product is configured in non-secure mode there is a command injection vulnerability in the availability component of Veritas InfoScale that allows an attacker to execute arbitrary commands as root/administrator.
Solution
A fix for this issue is available for the Access versions installed on RHEL 7 Operating system. To obtain this fix please contact Veritas Technical Support and quote this article ID.
Follow below steps on all the nodes of ACCESS:
- Download and extract the tar file from https://sort.veritas.com/public/infoscale/access/Infoscale_Security_Patch.tar
md5sum Infoscale_Security_Patch.tar
f73e9f27ef26bec2ff02c2af0e06caba Infoscale_Security_Patch.tar
tar -xvf Infoscale_Security_Patch.tar - Give execute permission to both the scripts in Infoscale_Security_Patch directory as follows:
chmod +x install.sh
chmod +x uninstall.sh - Execute install.sh script
./install.sh
NOTES:
- If ADD node operation is performed, follow above mentioned steps on newly added node as well.
- If you have applied this fix on some ACCESS version and wants to do rolling upgrade to some higher ACCESS version, follow below steps:
- Execute uninstall.sh script
- Upgrade the Access Software version
- Execute install.sh script again on upgraded ACCESS software version
References
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.