CVSS: 10.0EPSS: 94%CPEs: 12EXPL: 0CVE-2011-0547 – Symantec Veritas Storage Foundation vxsvc.exe Value Unpacking Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0547
Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow. Múltiples desbordamientos de enteros en vxsvc.exe en el servicio VERITAS Enterprise Administrator en Symantec Veritas Storage Foundation v5.1 y anteriores, Veritas Storage Foundation Cluster File System (SFCFS) v5.1 y anteriores, Veritas Storage Foundation Cluster File Enterprise System de Oracle RAC (SFCFSORAC) v5.1 y anteriores, Veritas Dynamic Multi-Pathing (DMP) v5.1 y NetBackup PureDisk v6.5.x a v6.6.1.x permite a atacantes remotos ejecutar código de su elección a través de (1) una cadena Unicode modificada relacionada con la función vxveautil.value_binary_unpack, (2) una cadena ASCII debidamente modificada relacionada con la función vxveautil.value_binary_unpack, o (3) un valor determinado en la función vxveautil.kv_binary_unpack, que da lugar a un desbordamiento de búfer. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation Administrator Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within vxsvc.exe process. The problem affecting the part of the server running on tcp port 2148 is an integer overflow in the function vxveautil.kv_binary_unpack where a 32-bit field is used to allocate an amount of memory equal to its value plus 1. • http://marc.info/?l=bugtraq&m=131955939603667&w=2 http://www.securityfocus.com/bid/49014 http://www.symantec.com/business/support/index?page=content&id=TECH165536 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110815_00 http://zerodayinitiative.com/advisories/ZDI-11-262 http://zerodayinitiative.com/advisories/ZDI-11-263 http://zerodayinitiative.com/advisories/ZDI-11-264 https://oval.cisecurity.org/repository/search/def • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 87%CPEs: 88EXPL: 0CVE-2009-3027 – Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-3027
VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300. El archivo VRTSweb.exe en VRTSweb en Backup Exec Continuous Protection Server de Symantec (CPS) versiones 11d, 12.0 y 12.5; Veritas NetBackup Operations Manager (NOM) versiones 6.0 GA hasta 6.5.5; Veritas Backup Reporter (VBR) versiones 6.0 GA hasta 6.6; Veritas Storage Foundation (SF) versión 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) versiones 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1 y 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) versión 3.5; Veritas Storage Foundation for Oracle (SFO) versiones 4.1, 5.0 y 5.0.1; Veritas Storage Foundation for DB2 versiones 4.1 y 5.0; Veritas Storage Foundation for Sybase versiones 4.1 y 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) versiones 3.5, 4.0, 4.1 y 5.0; Veritas Storage Foundation Manager (SFM) versiones 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win y 2.0; Veritas Cluster Server (VCS) versiones 3.5, 4.0, 4.1 y 5.0; Veritas Cluster Server One (VCSOne) versiones 2.0, 2.0.1 y 2.0.2; Veritas Application Director (VAD) versiones 1.1 y 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) versiones 5.1, 5.5 y 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) versiones 3.5, 4.0, 4.1 y 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) versión 5.0; Veritas Command Central Storage (CCS) versiones 4.x, 5.0 y 5.1; Veritas Command Central Enterprise Reporter (CC-ER) versiones 5.0 GA, 5.0 MP1, 5.0 MP1RP1 y 5.1; Veritas Command Central Storage Change Manager (CC-SCM) versiones 5.0 y 5.1; y Veritas MicroMeasure versión 5.0, no comprueba apropiadamente las peticiones de autenticación, que permite a los atacantes remotos desencadenar el desempaquetado de un archivo WAR y ejecutar código arbitrario en los archivos contenidos, por medio de datos diseñados al puerto TCP 14300. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of multiple Symantec products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VRTSweb.exe Web Server component which listens by default on TCP ports 8181, 8443, and 14300. The process fails to properly validate an authentication request made to port 14300. • http://marc.info/?l=bugtraq&m=126046186917330&w=2 http://secunia.com/advisories/37631 http://secunia.com/advisories/37637 http://secunia.com/advisories/37685 http://securitytracker.com/id?1023309 http://securitytracker.com/id?1023312 http://seer.entsupport.symantec.com/docs/336988.htm http://seer.entsupport.symantec.com/docs/337279.htm http://seer.entsupport.symantec.com/docs/337293.htm http://seer.entsupport.symantec.com/docs/337392.htm http://seer.entsupport.symantec.com/docs&# • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 93%CPEs: 3EXPL: 0CVE-2008-3703 – Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2008-3703
The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279. La consola de gestión en Volume Manager Scheduler Service (también conocido como VxSchedService.exe) de Symantec Veritas Storage Foundation para Windows (SFW) 5.0, 5.0 RP1a y 5.1 acepta autentificación NULL NTLMSSP, lo que permite a atacantes remotos ejecutar código de su elección mediante peticiones al socket del servicio que crea valores del registro de "snapshots schedules (horarios de ficheros de captura)" especificando la ejecución de comandos futuros. NOTA: este problema existe debido a una solución incompleta de CVE-2007-2279. This vulnerability allows an attacker to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. • http://secunia.com/advisories/31486 http://securityreason.com/securityalert/4161 http://securitytracker.com/id?1020699 http://seer.entsupport.symantec.com/docs/306386.htm http://www.securityfocus.com/archive/1/495481 http://www.securityfocus.com/archive/1/495487/100/0/threaded http://www.securityfocus.com/bid/30596 http://www.symantec.com/avcenter/security/Content/2008.08.14a.html http://www.vupen.com/english/advisories/2008/2395 http://www.zerodayinitiative.com/advisories/ZDI-08- • CWE-287: Improper Authentication •