Symantec Veritas Storage Foundation Scheduler服务远程拒绝服务漏洞

BUGTRAQ ID: 27440 CVECAN ID: CVE-2007-4516 Veritas Storage Foundation是用于管理Veritas产品存储的解决方案。 Veritas Storage Foundation的Veritas Scheduler服务处理畸形用户请求时存在漏洞，远程攻击者可能利用此漏洞导致服务不可用。 如果Veritas Scheduler服务（VxSchedService.exe）接收到了畸形报文，就会触发无效的内存访问，导致该服务崩溃。攻击者无需认证便可以利用这个漏洞，但必须要在服务的4888端口创建TCP会话。 Symantec Verit...

iDefense Security Advisory 02.20.08: Symantec Veritas Storage Foundation Scheduler Service DoS Vulnerability

iDefense Security Advisory 02.20.08 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 20, 2008 I. BACKGROUND The Veritas Storage Foundation is based on the Veritas File System and Veritas Volume Manager products. It allows virtualization of storage over a variety of platforms. It contain...

CVE-2007-4516

Affected product: Symantec Veritas Storage Foundation 5.0 for Windows with the Scheduler Service (VxSchedService.exe). The vulnerability allows remote, unauthenticated attackers to crash or hang the daemon by sending malformed packets over TCP port 4888, leading to a DoS. The issue is tied to rem...