CVE-2011-0547
Symantec Veritas Storage Foundation vxsvc.exe Value Unpacking Integer Overflow Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow.
Múltiples desbordamientos de enteros en vxsvc.exe en el servicio VERITAS Enterprise Administrator en Symantec Veritas Storage Foundation v5.1 y anteriores, Veritas Storage Foundation Cluster File System (SFCFS) v5.1 y anteriores, Veritas Storage Foundation Cluster File Enterprise System de Oracle RAC (SFCFSORAC) v5.1 y anteriores, Veritas Dynamic Multi-Pathing (DMP) v5.1 y NetBackup PureDisk v6.5.x a v6.6.1.x permite a atacantes remotos ejecutar código de su elección a través de (1) una cadena Unicode modificada relacionada con la función vxveautil.value_binary_unpack, (2) una cadena ASCII debidamente modificada relacionada con la función vxveautil.value_binary_unpack, o (3) un valor determinado en la función vxveautil.kv_binary_unpack, que da lugar a un desbordamiento de búfer.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation Administrator Service. Authentication is not required to exploit this vulnerability.
The specific flaw exists within vxsvc.exe process. The problem affecting the part of the server running on tcp port 2148 is an integer overflow in the function vxveautil.kv_binary_unpack where a 32-bit field is used to allocate an amount of memory equal to its value plus 1. This can be made to miscalculate a heap buffer which can be subsequently overflowed allowing an attacker to execute arbitrary code under the context of SYSTEM.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-01-20 CVE Reserved
- 2011-08-16 CVE Published
- 2024-08-06 CVE Updated
- 2024-09-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/49014 | Vdb Entry | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110815_00 | X_refsource_confirm | |
| http://zerodayinitiative.com/advisories/ZDI-11-262 | X_refsource_misc | |
| http://zerodayinitiative.com/advisories/ZDI-11-263 | X_refsource_misc | |
| http://zerodayinitiative.com/advisories/ZDI-11-264 | X_refsource_misc | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14792 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.symantec.com/business/support/index?page=content&id=TECH165536 | 2017-09-19 |
| URL | Date | SRC |
|---|---|---|
| http://marc.info/?l=bugtraq&m=131955939603667&w=2 | 2017-09-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Symantec Search vendor "Symantec" | Veritas Dynamic Multi-pathing Search vendor "Symantec" for product "Veritas Dynamic Multi-pathing" | 5.1 Search vendor "Symantec" for product "Veritas Dynamic Multi-pathing" and version "5.1" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Veritas Storage Foundation Search vendor "Symantec" for product "Veritas Storage Foundation" | <= 5.1 Search vendor "Symantec" for product "Veritas Storage Foundation" and version " <= 5.1" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Veritas Storage Foundation Search vendor "Symantec" for product "Veritas Storage Foundation" | 5.0 Search vendor "Symantec" for product "Veritas Storage Foundation" and version "5.0" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Veritas Storage Foundation Cluster File System For Oracle Rac Search vendor "Symantec" for product "Veritas Storage Foundation Cluster File System For Oracle Rac" | <= 5.1 Search vendor "Symantec" for product "Veritas Storage Foundation Cluster File System For Oracle Rac" and version " <= 5.1" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Veritas Storage Foundation Cluster File System For Oracle Rac Search vendor "Symantec" for product "Veritas Storage Foundation Cluster File System For Oracle Rac" | 5.0 Search vendor "Symantec" for product "Veritas Storage Foundation Cluster File System For Oracle Rac" and version "5.0" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Netbackup Puredisk Search vendor "Symantec" for product "Netbackup Puredisk" | 6.5.0.1 Search vendor "Symantec" for product "Netbackup Puredisk" and version "6.5.0.1" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Netbackup Puredisk Search vendor "Symantec" for product "Netbackup Puredisk" | 6.5.1 Search vendor "Symantec" for product "Netbackup Puredisk" and version "6.5.1" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Netbackup Puredisk Search vendor "Symantec" for product "Netbackup Puredisk" | 6.5.1.1 Search vendor "Symantec" for product "Netbackup Puredisk" and version "6.5.1.1" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Netbackup Puredisk Search vendor "Symantec" for product "Netbackup Puredisk" | 6.5.1.2 Search vendor "Symantec" for product "Netbackup Puredisk" and version "6.5.1.2" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Netbackup Puredisk Search vendor "Symantec" for product "Netbackup Puredisk" | 6.6.1 Search vendor "Symantec" for product "Netbackup Puredisk" and version "6.6.1" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Netbackup Puredisk Search vendor "Symantec" for product "Netbackup Puredisk" | 6.6.1.1 Search vendor "Symantec" for product "Netbackup Puredisk" and version "6.6.1.1" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Netbackup Puredisk Search vendor "Symantec" for product "Netbackup Puredisk" | 6.6.1.2 Search vendor "Symantec" for product "Netbackup Puredisk" and version "6.6.1.2" | - |
Affected
| ||||||