Sun Cluster contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user removes the status file, creates a symlink in the /var/opt/SUNWcluster/fm/fmstatus/nfs/<logicalhostname> directory, then telnets into localhost on port 1200 which will disclose all files on the system resulting in a loss of confidentiality.
Local Access Required
Loss of Confidentiality
Currently, there are no known workarounds or upgrades to correct this issue. However, Sun has released a patch to address this vulnerability.