5 results (0.008 seconds)

CVSS: 10.0EPSS: 94%CPEs: 12EXPL: 0

Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow. Múltiples desbordamientos de enteros en vxsvc.exe en el servicio VERITAS Enterprise Administrator en Symantec Veritas Storage Foundation v5.1 y anteriores, Veritas Storage Foundation Cluster File System (SFCFS) v5.1 y anteriores, Veritas Storage Foundation Cluster File Enterprise System de Oracle RAC (SFCFSORAC) v5.1 y anteriores, Veritas Dynamic Multi-Pathing (DMP) v5.1 y NetBackup PureDisk v6.5.x a v6.6.1.x permite a atacantes remotos ejecutar código de su elección a través de (1) una cadena Unicode modificada relacionada con la función vxveautil.value_binary_unpack, (2) una cadena ASCII debidamente modificada relacionada con la función vxveautil.value_binary_unpack, o (3) un valor determinado en la función vxveautil.kv_binary_unpack, que da lugar a un desbordamiento de búfer. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation Administrator Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within vxsvc.exe process. The problem affecting the part of the server running on tcp port 2148 is an integer overflow in the function vxveautil.kv_binary_unpack where a 32-bit field is used to allocate an amount of memory equal to its value plus 1. • http://marc.info/?l=bugtraq&m=131955939603667&w=2 http://www.securityfocus.com/bid/49014 http://www.symantec.com/business/support/index?page=content&id=TECH165536 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110815_00 http://zerodayinitiative.com/advisories/ZDI-11-262 http://zerodayinitiative.com/advisories/ZDI-11-263 http://zerodayinitiative.com/advisories/ZDI-11-264 https://oval.cisecurity.org/repository/search/def • CWE-189: Numeric Errors •

CVSS: 10.0EPSS: 88%CPEs: 88EXPL: 0

VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300. El archivo VRTSweb.exe en VRTSweb en Backup Exec Continuous Protection Server de Symantec (CPS) versiones 11d, 12.0 y 12.5; Veritas NetBackup Operations Manager (NOM) versiones 6.0 GA hasta 6.5.5; Veritas Backup Reporter (VBR) versiones 6.0 GA hasta 6.6; Veritas Storage Foundation (SF) versión 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) versiones 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1 y 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) versión 3.5; Veritas Storage Foundation for Oracle (SFO) versiones 4.1, 5.0 y 5.0.1; Veritas Storage Foundation for DB2 versiones 4.1 y 5.0; Veritas Storage Foundation for Sybase versiones 4.1 y 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) versiones 3.5, 4.0, 4.1 y 5.0; Veritas Storage Foundation Manager (SFM) versiones 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win y 2.0; Veritas Cluster Server (VCS) versiones 3.5, 4.0, 4.1 y 5.0; Veritas Cluster Server One (VCSOne) versiones 2.0, 2.0.1 y 2.0.2; Veritas Application Director (VAD) versiones 1.1 y 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) versiones 5.1, 5.5 y 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) versiones 3.5, 4.0, 4.1 y 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) versión 5.0; Veritas Command Central Storage (CCS) versiones 4.x, 5.0 y 5.1; Veritas Command Central Enterprise Reporter (CC-ER) versiones 5.0 GA, 5.0 MP1, 5.0 MP1RP1 y 5.1; Veritas Command Central Storage Change Manager (CC-SCM) versiones 5.0 y 5.1; y Veritas MicroMeasure versión 5.0, no comprueba apropiadamente las peticiones de autenticación, que permite a los atacantes remotos desencadenar el desempaquetado de un archivo WAR y ejecutar código arbitrario en los archivos contenidos, por medio de datos diseñados al puerto TCP 14300. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of multiple Symantec products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VRTSweb.exe Web Server component which listens by default on TCP ports 8181, 8443, and 14300. The process fails to properly validate an authentication request made to port 14300. • http://marc.info/?l=bugtraq&m=126046186917330&w=2 http://secunia.com/advisories/37631 http://secunia.com/advisories/37637 http://secunia.com/advisories/37685 http://securitytracker.com/id?1023309 http://securitytracker.com/id?1023312 http://seer.entsupport.symantec.com/docs/336988.htm http://seer.entsupport.symantec.com/docs/337279.htm http://seer.entsupport.symantec.com/docs/337293.htm http://seer.entsupport.symantec.com/docs/337392.htm http://seer.entsupport.symantec.com/docs&# • CWE-287: Improper Authentication •

CVSS: 10.0EPSS: 92%CPEs: 3EXPL: 0

The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279. La consola de gestión en Volume Manager Scheduler Service (también conocido como VxSchedService.exe) de Symantec Veritas Storage Foundation para Windows (SFW) 5.0, 5.0 RP1a y 5.1 acepta autentificación NULL NTLMSSP, lo que permite a atacantes remotos ejecutar código de su elección mediante peticiones al socket del servicio que crea valores del registro de "snapshots schedules (horarios de ficheros de captura)" especificando la ejecución de comandos futuros. NOTA: este problema existe debido a una solución incompleta de CVE-2007-2279. This vulnerability allows an attacker to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. • http://secunia.com/advisories/31486 http://securityreason.com/securityalert/4161 http://securitytracker.com/id?1020699 http://seer.entsupport.symantec.com/docs/306386.htm http://www.securityfocus.com/archive/1/495481 http://www.securityfocus.com/archive/1/495487/100/0/threaded http://www.securityfocus.com/bid/30596 http://www.symantec.com/avcenter/security/Content/2008.08.14a.html http://www.vupen.com/english/advisories/2008/2395 http://www.zerodayinitiative.com/advisories/ZDI-08- • CWE-287: Improper Authentication •

CVSS: 9.3EPSS: 93%CPEs: 7EXPL: 0

Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size. Desbordamiento de búfer basado en memoria libre para la reserva dinámica (heap) en el servicio Veritas Enterprise Administrator (VEA)(también conocido como vxsvc.exe) de Symantec Veritas Storage Foundation 5.0 permite a atacantes remotos ejecutar código de su elección a través de un paquete con valores manipulados de un campo de determinado tamaño, lo cual no es comprobado para la consistencia con el tamaño real del búfer. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec VERITAS Storage Foundation. Authentication is not required to exploit this vulnerability. The specific flaw resides in the Administrator service, vxsvc.exe, which listens by default on UDP port 3207. The process trusts a user-supplied size value, receiving the specified amount of data into a static heap buffer. • http://secunia.com/advisories/29050 http://securitytracker.com/id?1019459 http://www.securityfocus.com/archive/1/488420/100/0/threaded http://www.securityfocus.com/bid/25778 http://www.symantec.com/avcenter/security/Content/2008.02.20a.html http://www.zerodayinitiative.com/advisories/ZDI-08-007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0

The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution. El Servicio Scheduler (VxSchedService.exe) en Symantec Storage Foundation para Windows versión 5.0 permite a los atacantes remotos omitir la autenticación y ejecutar código arbitrario por medio de ciertas peticiones al socket service que crea valores de registro (1) PreScript o (2) PostScript bajo Veritas\VxSvc CurrentVersion\Schedules , especificando una ejecución de comandos futura. • http://osvdb.org/36104 http://secunia.com/advisories/25537 http://seer.entsupport.symantec.com/docs/288627.htm http://www.securityfocus.com/archive/1/470562/100/0/threaded http://www.securityfocus.com/bid/24194 http://www.securitytracker.com/id?1018188 http://www.symantec.com/avcenter/security/Content/2007.06.01.html http://www.vupen.com/english/advisories/2007/2035 https://exchange.xforce.ibmcloud.com/vulnerabilities/34680 • CWE-264: Permissions, Privileges, and Access Controls •