// For flags

CVE-2008-0638

Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size.

Desbordamiento de búfer basado en memoria libre para la reserva dinámica (heap) en el servicio Veritas Enterprise Administrator (VEA)(también conocido como vxsvc.exe) de Symantec Veritas Storage Foundation 5.0 permite a atacantes remotos ejecutar código de su elección a través de un paquete con valores manipulados de un campo de determinado tamaño, lo cual no es comprobado para la consistencia con el tamaño real del búfer.

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec VERITAS Storage Foundation. Authentication is not required to exploit this vulnerability.
The specific flaw resides in the Administrator service, vxsvc.exe, which listens by default on UDP port 3207. The process trusts a user-supplied size value, receiving the specified amount of data into a static heap buffer. By sending a specially crafted packet, an attacker can overflow that buffer leading to arbitrary code execution in the context of the SYSTEM user.

*Credits: Sebastian Apelt (webmaster@buzzworld.org)
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-02-06 CVE Reserved
  • 2008-02-20 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-11-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Symantec
Search vendor "Symantec"
 Veritas Storage Foundation
Search vendor "Symantec" for product "Veritas Storage Foundation"
 5.0
Search vendor "Symantec" for product "Veritas Storage Foundation" and version "5.0"
aix
Affected
Symantec
Search vendor "Symantec"
 Veritas Storage Foundation
Search vendor "Symantec" for product "Veritas Storage Foundation"
 5.0
Search vendor "Symantec" for product "Veritas Storage Foundation" and version "5.0"
hp_ux
Affected
Symantec
Search vendor "Symantec"
 Veritas Storage Foundation
Search vendor "Symantec" for product "Veritas Storage Foundation"
 5.0
Search vendor "Symantec" for product "Veritas Storage Foundation" and version "5.0"
linux
Affected
Symantec
Search vendor "Symantec"
 Veritas Storage Foundation
Search vendor "Symantec" for product "Veritas Storage Foundation"
 5.0
Search vendor "Symantec" for product "Veritas Storage Foundation" and version "5.0"
solaris
Affected
Symantec
Search vendor "Symantec"
 Veritas Storage Foundation
Search vendor "Symantec" for product "Veritas Storage Foundation"
 5.0
Search vendor "Symantec" for product "Veritas Storage Foundation" and version "5.0"
windows_2000
Affected
Symantec
Search vendor "Symantec"
 Veritas Storage Foundation
Search vendor "Symantec" for product "Veritas Storage Foundation"
 5.0
Search vendor "Symantec" for product "Veritas Storage Foundation" and version "5.0"
32bit, windows_2003
Affected
Symantec
Search vendor "Symantec"
 Veritas Storage Foundation
Search vendor "Symantec" for product "Veritas Storage Foundation"
 5.0
Search vendor "Symantec" for product "Veritas Storage Foundation" and version "5.0"
64bit, windows_2003
Affected