Veritas Storage Foundation Administrator service buffer overflow

2008-03-03T00:00:00
ID SAINT:B5636961F1A2881ABF78A8C31F26B197
Type saint
Reporter SAINT Corporation
Modified 2008-03-03T00:00:00

Description

Added: 03/03/2008
CVE: CVE-2008-0638
BID: 25778
OSVDB: 41978

Background

Veritas Storage Foundation is an online storage management solution. An Administrator service, implemented by **vxsvc.exe**, listens on port 3207 by default.

Problem

A buffer overflow vulnerability in the Administrator service allows remote attackers to execute arbitrary commands.

Resolution

Apply one of the patches referenced in Symantec document 297327.

References

<http://www.symantec.com/avcenter/security/Content/2008.02.20a.html>
<http://www.zerodayinitiative.com/advisories/ZDI-08-007.html>

Limitations

The exploit works on Symantec Veritas Storage Foundation for Windows 5.0.

Platforms

Windows 2000
Windows Server 2003