SAINT Corporation
SAINT:EBD72A10C9897FA033B0DD547BC6910F
Mar 03, 2008 - 12:00 a.m.

Veritas Storage Foundation Administrator service buffer overflow

my.saintcorporation.com

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.928 High
Percentile: 99.0%

Added: 03/03/2008
CVE: CVE-2008-0638
BID: 25778
OSVDB: 41978

Background

Veritas Storage Foundation is an online storage management solution. An Administrator service, implemented by **vxsvc.exe**, listens on port 3207 by default.

Problem

A buffer overflow vulnerability in the Administrator service allows remote attackers to execute arbitrary commands.

Resolution

Apply one of the patches referenced in Symantec document 297327.

References

<http://www.symantec.com/avcenter/security/Content/2008.02.20a.html>
<http://www.zerodayinitiative.com/advisories/ZDI-08-007.html>

Limitations

Exploit works on Symantec Veritas Storage Foundation for Windows 5.0.

Platforms

Windows 2000
Windows Server 2003
