Lucene search

K

MitreCVELIST:CVE-2008-3703

HistoryAug 18, 2008 - 5:15 p.m.

CVE-2008-3703

2008-08-1817:15:00

mitre

www.cve.org

3

AI Score

7.8

Confidence

Low

EPSS

0.926

Percentile

99.1%

The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create “snapshots schedules” registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.

References

secunia.com/advisories/31486

securityreason.com/securityalert/4161

securitytracker.com/id?1020699

seer.entsupport.symantec.com/docs/306386.htm

www.securityfocus.com/archive/1/495481

www.securityfocus.com/archive/1/495487/100/0/threaded

www.securityfocus.com/bid/30596

www.symantec.com/avcenter/security/Content/2008.08.14a.html

www.vupen.com/english/advisories/2008/2395

www.zerodayinitiative.com/advisories/ZDI-08-053/

exchange.xforce.ibmcloud.com/vulnerabilities/44466

AI Score

7.8

Confidence

Low

EPSS

0.926

Percentile

99.1%

Related for CVELIST:CVE-2008-3703

cve2 prion2 nvd2 cvelist1 nessus2 securityvulns3 checkpoint_advisories1 zdi1