9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.928 High
EPSS
Percentile
99.0%
Added: 03/03/2008
CVE: CVE-2008-0638
BID: 25778
OSVDB: 41978
Veritas Storage Foundation is an online storage management solution. An Administrator service, implemented by **vxsvc.exe**
, listens on port 3207 by default.
A buffer overflow vulnerability in the Administrator service allows remote attackers to execute arbitrary commands.
Apply one of the patches referenced in Symantec document 297327.
<http://www.symantec.com/avcenter/security/Content/2008.02.20a.html>
<http://www.zerodayinitiative.com/advisories/ZDI-08-007.html>
Exploit works on Symantec Veritas Storage Foundation for Windows 5.0.
Windows 2000
Windows Server 2003