Lucene search

[email protected]CVE-2008-0638

HistoryFeb 21, 2008 - 8:44 p.m.

CVE-2008-0638

2008-02-2120:44:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-0638

buffer overflow

veritas

vea

symantec

storage foundation

remote code execution

security vulnerability

7.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.928 High

EPSS

Percentile

99.0%

JSON

Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size.

CPENameOperatorVersion
symantec:veritas_storage_foundationsymantec veritas storage foundationeq5.0

CPE	Name	Operator	Version
symantec:veritas_storage_foundation	symantec veritas storage foundation	eq	5.0

References

secunia.com/advisories/29050

securitytracker.com/id?1019459

www.securityfocus.com/archive/1/488420/100/0/threaded

www.securityfocus.com/bid/25778

www.symantec.com/avcenter/security/Content/2008.02.20a.html

www.zerodayinitiative.com/advisories/ZDI-08-007.html

7.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.928 High

EPSS

Percentile

99.0%

JSON

Related for CVE-2008-0638

zdi1 saint4 seebug1 checkpoint_advisories1 prion1 securityvulns2 nessus1