Search criteria
15 vulnerabilities found for veritas_storage_foundation by symantec
FKIE_CVE-2011-0547
Vulnerability from fkie_nvd - Published: 2011-08-19 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | veritas_dynamic_multi-pathing | 5.1 | |
| symantec | veritas_storage_foundation | * | |
| symantec | veritas_storage_foundation | 5.0 | |
| symantec | veritas_storage_foundation_cluster_file_system_for_oracle_rac | * | |
| symantec | veritas_storage_foundation_cluster_file_system_for_oracle_rac | 5.0 | |
| symantec | netbackup_puredisk | 6.5.0.1 | |
| symantec | netbackup_puredisk | 6.5.1 | |
| symantec | netbackup_puredisk | 6.5.1.1 | |
| symantec | netbackup_puredisk | 6.5.1.2 | |
| symantec | netbackup_puredisk | 6.6.1 | |
| symantec | netbackup_puredisk | 6.6.1.1 | |
| symantec | netbackup_puredisk | 6.6.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:veritas_dynamic_multi-pathing:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0AC9AB-1610-4421-AB29-20644B5B9387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D8B3DB0-452D-4694-B893-4CB1F0063485",
"versionEndIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4D062DD-501C-4D0E-B439-5E1F8C29AB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system_for_oracle_rac:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B63E42A-4C8A-452B-B32F-34156D12801C",
"versionEndIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system_for_oracle_rac:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF2F864-EEF5-4D5F-9406-BD1EDBB2F696",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:netbackup_puredisk:6.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E561BE7-7815-43A3-98BC-86989B07873D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:netbackup_puredisk:6.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D286B29D-8C75-4386-852A-E8ED6FE55BD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:netbackup_puredisk:6.5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC6CEF2A-59A5-4787-9FDB-3031B2235982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:netbackup_puredisk:6.5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F329DBEE-35DA-4924-BE28-6D6113EFB022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:netbackup_puredisk:6.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "74CB9A64-B909-4837-9A0B-107F6B500CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:netbackup_puredisk:6.6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA2A1E34-6988-44A8-AD4C-66A4F53DB45A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:netbackup_puredisk:6.6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "91DC93EE-9352-4208-81A7-F1ADB0C4A1A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de enteros en vxsvc.exe en el servicio VERITAS Enterprise Administrator en Symantec Veritas Storage Foundation v5.1 y anteriores, Veritas Storage Foundation Cluster File System (SFCFS) v5.1 y anteriores, Veritas Storage Foundation Cluster File Enterprise System de Oracle RAC (SFCFSORAC) v5.1 y anteriores, Veritas Dynamic Multi-Pathing (DMP) v5.1 y NetBackup PureDisk v6.5.x a v6.6.1.x permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1) una cadena Unicode modificada relacionada con la funci\u00f3n vxveautil.value_binary_unpack, (2) una cadena ASCII debidamente modificada relacionada con la funci\u00f3n vxveautil.value_binary_unpack, o (3) un valor determinado en la funci\u00f3n vxveautil.kv_binary_unpack, que da lugar a un desbordamiento de b\u00fafer.\r\n"
}
],
"id": "CVE-2011-0547",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-08-19T21:55:01.447",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/49014"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH165536"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110815_00"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-262/"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-263/"
},
{
"source": "cve@mitre.org",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-264/"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14792"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/49014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH165536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110815_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-262/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-263/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-264/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14792"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-3027
Vulnerability from fkie_nvd - Published: 2009-12-11 16:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:backup_exec_continuous_protection_server:11d:*:*:*:*:*:*:*",
"matchCriteriaId": "7E6E4ABB-057E-42D3-8A89-5D456675EC69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:backup_exec_continuous_protection_server:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D740C486-FBFB-40C3-9984-FDDEC5EA9733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:backup_exec_continuous_protection_server:12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D6ACB3C3-C9C4-4E9C-A844-D666A967A234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_application_director:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "942E06E0-9D27-4CDD-B633-08C327ED1EC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_application_director:1.1:*:platform_expansion:*:*:*:*:*",
"matchCriteriaId": "A9BC62A6-4624-4590-B9C8-0CA16185831C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_backup_exec:11d:*:*:*:*:*:*:*",
"matchCriteriaId": "012C76D4-E77B-4468-A24A-A492A412CE7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_backup_exec:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA48FE77-E46D-4F12-9124-01165D223CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_backup_exec:12.5:*:*:*:*:*:*:*",
"matchCriteriaId": "75D16DC0-92CC-4FAE-8640-4845F6338CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_cluster_server:3.5:*:hp-ux:*:*:*:*:*",
"matchCriteriaId": "7B54B477-85EC-4435-BA22-6586DE493097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_cluster_server:4.0:*:aix:*:*:*:*:*",
"matchCriteriaId": "B0ED4E24-038C-45DA-8023-233F0A0800F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_cluster_server:4.0:*:linux:*:*:*:*:*",
"matchCriteriaId": "37BB09D0-0FD3-41E5-8BE0-890F84B98C89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_cluster_server:4.1:*:hp-ux:*:*:*:*:*",
"matchCriteriaId": "D0AACBB1-8F69-4F63-974B-C64E78686438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_cluster_server:4.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "A9EDF286-222D-460B-9591-DB99323BAF46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_cluster_server:4.1:*:solaris:*:*:*:*:*",
"matchCriteriaId": "AB282C2B-C0C5-40CC-9E16-B5B8271AC222",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_cluster_server:5.0:*:aix:*:*:*:*:*",
"matchCriteriaId": "A7B74077-2547-4F27-BD57-359491435F1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_cluster_server:5.0:*:hp-ux:*:*:*:*:*",
"matchCriteriaId": "6B271A01-4E72-41DC-A0E6-3F070A7F613C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_cluster_server:5.0:*:linux:*:*:*:*:*",
"matchCriteriaId": "F586E834-013A-434C-90A1-715B2B15C12D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_cluster_server:5.0:*:solaris:*:*:*:*:*",
"matchCriteriaId": "E89EEBDC-F160-4AB0-80CF-49E5655F04E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_cluster_server_management_console:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1470C394-3B0A-4322-9ACC-A3586527529A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_cluster_server_management_console:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B1F33C5F-0150-4CA3-94C3-5A84D7715516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_cluster_server_management_console:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0886CD94-42FE-4140-86E7-F4C9939A290F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_cluster_server_one:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E3F7A5C-3944-4DC3-96A6-627B133FA006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_cluster_server_one:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DDB0D6A1-D2D1-4F60-B366-52715D30D26B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_cluster_server_one:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "52D62C7A-3C39-4321-B9E1-49E300EEC494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_command_central_enterprise_reporter:5.0_ga:*:*:*:*:*:*:*",
"matchCriteriaId": "7C7C1181-1A78-4774-B016-8D6D5F0C30E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_command_central_enterprise_reporter:5.0mp1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C07F0CC-72FC-4D3F-90AC-D82472422706",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_command_central_enterprise_reporter:5.0mp1rp1:*:*:*:*:*:*:*",
"matchCriteriaId": "78FE2945-5381-4445-A064-C9E20B4F643A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_command_central_enterprise_reporter:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B30722B-AA42-4B49-BD87-B518C970C921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_command_central_storage:4.x:*:*:*:*:*:*:*",
"matchCriteriaId": "85F98C53-8712-4FF6-B168-50F25555CE0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_command_central_storage:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C33D910F-1116-4432-970B-CD0949CB8DEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_command_central_storage:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CC235D3-E8CF-44EE-9C6F-CEE85BA239A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_command_central_storage_change_manager:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "276B6BB8-6E10-4D7C-984D-C9DEC4A93400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_command_central_storage_change_manager:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C2160A2-D8E6-420B-8E3F-90B6501ADCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_micromeasure:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DD78EF3-8890-43CB-B56A-6EF18B76E48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_netbackup_operations_manager:6.0_ga:*:*:*:*:*:*:*",
"matchCriteriaId": "817AF93A-7BB1-4295-AD5E-67B697DE066F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_netbackup_operations_manager:6.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D79923BD-6346-409B-A326-BDD024D64EA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_netbackup_reporter:6.0_ga:*:*:*:*:*:*:*",
"matchCriteriaId": "370F7991-4133-4A4A-AF24-232323D0CED6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_netbackup_reporter:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "024C614A-094B-401B-BF41-9D6071102099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storae_foundation:3.5_onwards:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF7C58A-F135-49FE-A507-B46D9FA51232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE415ED-224D-4806-92BB-BEFDE2D645D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:3.5:*:hp-ux:*:*:*:*:*",
"matchCriteriaId": "A11DA8A4-DBA8-4F38-9CAC-27BCDD031F44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:4.0:*:aix:*:*:*:*:*",
"matchCriteriaId": "C7420624-84D9-4A86-A027-6CB288D4B43A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:4.0:*:hp-ux:*:*:*:*:*",
"matchCriteriaId": "D6652DB1-FDD6-48A4-9517-D981873C4EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:4.0:*:linux:*:*:*:*:*",
"matchCriteriaId": "1C96E3F4-F895-41A9-ADA0-97CAEF73AB52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:4.0:*:solaris:*:*:*:*:*",
"matchCriteriaId": "601EC43E-7B41-4BE8-B45B-F33C5B9F9620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:4.1:*:aix:*:*:*:*:*",
"matchCriteriaId": "B6C3BEA8-8B10-48AC-BB94-F11E5361315B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:4.1:*:hp-ux:*:*:*:*:*",
"matchCriteriaId": "7A2C5349-8569-4884-A8F6-775DAC771D9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:4.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "68999D92-BF01-48D8-8B1D-078629875F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:4.1:*:solaris:*:*:*:*:*",
"matchCriteriaId": "E274ECF5-98F2-40D7-8166-63142D0A57F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:5.0:*:aix:*:*:*:*:*",
"matchCriteriaId": "A4A976D0-6487-49D4-8556-0DD60021A0CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:5.0:*:hp-ux:*:*:*:*:*",
"matchCriteriaId": "8EC6BF09-81D7-4882-BA29-8A311BB673FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:5.0:*:linux:*:*:*:*:*",
"matchCriteriaId": "F5464913-8A56-4031-93DE-A70F159FF7D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system:5.0:*:solaris:*:*:*:*:*",
"matchCriteriaId": "06715E62-1C94-4345-8AA9-D67BB7EB8F5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system_for_oracle_rac:5.0:*:linux:*:*:*:*:*",
"matchCriteriaId": "D8722C95-F712-4F2A-ACCF-CEA3BEDCCD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_db2:4.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "431F59D5-D26E-4EC9-BABF-E08627D96055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_db2:4.1:*:solaris:*:*:*:*:*",
"matchCriteriaId": "534552BF-CEF1-45B3-B532-CAD4300F61F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_db2:5.0:*:aix:*:*:*:*:*",
"matchCriteriaId": "E047AD78-DE53-4555-B7C2-9FF95EE3D793",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_db2:5.0:*:linux:*:*:*:*:*",
"matchCriteriaId": "47781640-9536-4107-BF63-80104F947F82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_db2:5.0:*:solaris:*:*:*:*:*",
"matchCriteriaId": "A1BE7CE6-7DF3-4C9E-AB4B-3F3534AB6E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_high_availability:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "08EF077E-57CB-4995-B465-1DB9DF2B0C34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1434B93C-2D93-400E-99E2-95D210771C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F05F046-9B3F-4753-9B94-24906717528B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "34053749-395D-48E2-BE02-4784E2D1F934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:3.5:*:hp-ux:*:*:*:*:*",
"matchCriteriaId": "C757098D-F666-45F6-B0F8-164170BCED8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:4.0:*:aix:*:*:*:*:*",
"matchCriteriaId": "BDE6CD95-FC16-4E12-A852-6F06D3EEA5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:4.0:*:linux:*:*:*:*:*",
"matchCriteriaId": "16F884A4-E0B6-4857-BD61-4B69DA0CF783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:4.1:*:linux:*:*:*:*:*",
"matchCriteriaId": "F9496201-BE01-4FFC-A6B9-AED5E8F8C8DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:4.1:*:solaris:*:*:*:*:*",
"matchCriteriaId": "36B7EF96-CA33-48CF-B6D3-607970BB85DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:4.1:hp-ux:*:*:*:*:*:*",
"matchCriteriaId": "2AA0E4E6-AB87-43D7-BEB9-46B34B5BEDFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F339DCEF-1F4F-4C9C-A68D-CA8A5347AD3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:5.0:*:aix:*:*:*:*:*",
"matchCriteriaId": "51CCB494-8E39-445C-A9B4-87F1BA42B49B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:5.0:*:hp-ux:*:*:*:*:*",
"matchCriteriaId": "DC2A2F53-7488-4339-B7BE-39CB451CEA07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:5.0:*:linux:*:*:*:*:*",
"matchCriteriaId": "2405C7B6-E302-4C56-A4B3-85EE70CE8553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_oracle_real_application_cluster:5.0:*:solaris:*:*:*:*:*",
"matchCriteriaId": "D8726E54-2C92-47E2-82E4-AF987B62C4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_sybase:4.1:*:solaris:*:*:*:*:*",
"matchCriteriaId": "93186DB0-83C2-45F7-B3D9-129109336C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_sybase:5.0:*:solaris:*:*:*:*:*",
"matchCriteriaId": "A0A3C285-6FE5-4365-99A9-E8A7689CCBFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_windows_high_availability:4.3mp2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9436C35-7427-40CB-9CAF-4CF0D6BE3DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_windows_high_availability:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FF6555A3-5156-42C6-94F7-7B37F7718AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_windows_high_availability:5.0rp1a:*:*:*:*:*:*:*",
"matchCriteriaId": "55A7A3C7-A461-4838-AA8B-5E4B80E15CF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_windows_high_availability:5.0rp2:*:*:*:*:*:*:*",
"matchCriteriaId": "7B59E2A5-6066-4CEA-A22D-AEA52FDD1419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_windows_high_availability:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC35DF8B-6C75-4EAF-B4A4-3C8E5B4CF968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_for_windows_high_availability:5.1ap1:*:*:*:*:*:*:*",
"matchCriteriaId": "A07A7773-F8FE-48CA-9CEE-78835E2EF420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_manager:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ECE49ED8-BBDE-4B2A-AF89-8C9467232AC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_manager:1.0mp1:*:*:*:*:*:*:*",
"matchCriteriaId": "DB5D0102-15CF-4B99-BA91-5BA852512120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_manager:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E693F59B-0AA7-413E-B583-E3AD94C18FEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_manager:1.1.1ux:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA02EC8-9C16-4860-96D1-025576DCD53C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_manager:1.1.1win:*:*:*:*:*:*:*",
"matchCriteriaId": "7A9B59DE-9F3B-4AC3-A856-61F66D0531A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation_manager:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D377C9-EE9C-4F93-BA6D-0994F0E23CE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300."
},
{
"lang": "es",
"value": "El archivo VRTSweb.exe en VRTSweb en Backup Exec Continuous Protection Server de Symantec (CPS) versiones 11d, 12.0 y 12.5; Veritas NetBackup Operations Manager (NOM) versiones 6.0 GA hasta 6.5.5; Veritas Backup Reporter (VBR) versiones 6.0 GA hasta 6.6; Veritas Storage Foundation (SF) versi\u00f3n 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) versiones 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1 y 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) versi\u00f3n 3.5; Veritas Storage Foundation for Oracle (SFO) versiones 4.1, 5.0 y 5.0.1; Veritas Storage Foundation for DB2 versiones 4.1 y 5.0; Veritas Storage Foundation for Sybase versiones 4.1 y 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) versiones 3.5, 4.0, 4.1 y 5.0; Veritas Storage Foundation Manager (SFM) versiones 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win y 2.0; Veritas Cluster Server (VCS) versiones 3.5, 4.0, 4.1 y 5.0; Veritas Cluster Server One (VCSOne) versiones 2.0, 2.0.1 y 2.0.2; Veritas Application Director (VAD) versiones 1.1 y 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) versiones 5.1, 5.5 y 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) versiones 3.5, 4.0, 4.1 y 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) versi\u00f3n 5.0; Veritas Command Central Storage (CCS) versiones 4.x, 5.0 y 5.1; Veritas Command Central Enterprise Reporter (CC-ER) versiones 5.0 GA, 5.0 MP1, 5.0 MP1RP1 y 5.1; Veritas Command Central Storage Change Manager (CC-SCM) versiones 5.0 y 5.1; y Veritas MicroMeasure versi\u00f3n 5.0, no comprueba apropiadamente las peticiones de autenticaci\u00f3n, que permite a los atacantes remotos desencadenar el desempaquetado de un archivo WAR y ejecutar c\u00f3digo arbitrario en los archivos contenidos, por medio de datos dise\u00f1ados al puerto TCP 14300."
}
],
"id": "CVE-2009-3027",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-11T16:30:00.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37631"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37637"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37685"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023309"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1023312"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://seer.entsupport.symantec.com/docs/336988.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://seer.entsupport.symantec.com/docs/337279.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://seer.entsupport.symantec.com/docs/337293.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://seer.entsupport.symantec.com/docs/337392.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://seer.entsupport.symantec.com/docs/337859.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://seer.entsupport.symantec.com/docs/337930.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/60884"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/508358/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/37012"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023311"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023313"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023318"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091209_00"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3467"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3483"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-098/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54665"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7986"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/37685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1023312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://seer.entsupport.symantec.com/docs/336988.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://seer.entsupport.symantec.com/docs/337279.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://seer.entsupport.symantec.com/docs/337293.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://seer.entsupport.symantec.com/docs/337392.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://seer.entsupport.symantec.com/docs/337859.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://seer.entsupport.symantec.com/docs/337930.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/60884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/508358/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091209_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/3483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-098/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7986"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-3703
Vulnerability from fkie_nvd - Published: 2008-08-18 17:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | veritas_storage_foundation | 5.0 | |
| symantec | veritas_storage_foundation | 5.0 | |
| symantec | veritas_storage_foundation | 5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation:5.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "10C7B114-73FB-4294-8E2E-94B5CB63750D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation:5.0:rp1a:windows:*:*:*:*:*",
"matchCriteriaId": "3C14D03F-1728-4D55-A74C-BD42C6F3007B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation:5.1:*:windows:*:*:*:*:*",
"matchCriteriaId": "30E4586D-FB79-49F1-A9DE-A6AB53C1471F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create \"snapshots schedules\" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279."
},
{
"lang": "es",
"value": "La consola de gesti\u00f3n en Volume Manager Scheduler Service (tambi\u00e9n conocido como VxSchedService.exe) de Symantec Veritas Storage Foundation para Windows (SFW) 5.0, 5.0 RP1a y 5.1 acepta autentificaci\u00f3n NULL NTLMSSP, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante peticiones al socket del servicio que crea valores del registro de \"snapshots schedules (horarios de ficheros de captura)\" especificando la ejecuci\u00f3n de comandos futuros. NOTA: este problema existe debido a una soluci\u00f3n incompleta de CVE-2007-2279."
}
],
"id": "CVE-2008-3703",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-08-18T17:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31486"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4161"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1020699"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://seer.entsupport.symantec.com/docs/306386.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/495481"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/495487/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30596"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/avcenter/security/Content/2008.08.14a.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2395"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-053/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1020699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://seer.entsupport.symantec.com/docs/306386.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495487/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/avcenter/security/Content/2008.08.14a.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-053/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44466"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-0638
Vulnerability from fkie_nvd - Published: 2008-02-21 20:44 - Updated: 2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | veritas_storage_foundation | 5.0 | |
| symantec | veritas_storage_foundation | 5.0 | |
| symantec | veritas_storage_foundation | 5.0 | |
| symantec | veritas_storage_foundation | 5.0 | |
| symantec | veritas_storage_foundation | 5.0 | |
| symantec | veritas_storage_foundation | 5.0 | |
| symantec | veritas_storage_foundation | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation:5.0:*:aix:*:*:*:*:*",
"matchCriteriaId": "53BB0646-9ED9-452D-83E8-C27D76C745BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation:5.0:*:hp_ux:*:*:*:*:*",
"matchCriteriaId": "6F93497D-05F3-4116-A000-23C3660EDFCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation:5.0:*:linux:*:*:*:*:*",
"matchCriteriaId": "D5FFFC60-E024-43C2-B467-E8DA696B81CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation:5.0:*:solaris:*:*:*:*:*",
"matchCriteriaId": "A845D088-83FC-4C78-80E7-2BBEADFB464E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation:5.0:*:windows_2000:*:*:*:*:*",
"matchCriteriaId": "B4A744D6-2237-4FD8-9E8E-43377F0C0DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation:5.0:32bit:windows_2003:*:*:*:*:*",
"matchCriteriaId": "B4435E63-96A0-4B9D-A2C6-4827A61B4E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation:5.0:64bit:windows_2003:*:*:*:*:*",
"matchCriteriaId": "3ED4489C-97C0-41E5-9F0F-129C2D008674",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria libre para la reserva din\u00e1mica (heap) en el servicio Veritas Enterprise Administrator (VEA)(tambi\u00e9n conocido como vxsvc.exe) de Symantec Veritas Storage Foundation 5.0 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un paquete con valores manipulados de un campo de determinado tama\u00f1o, lo cual no es comprobado para la consistencia con el tama\u00f1o real del b\u00fafer.\r\n\r\n"
}
],
"id": "CVE-2008-0638",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-02-21T20:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29050"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019459"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/488420/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25778"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/488420/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-2279
Vulnerability from fkie_nvd - Published: 2007-06-04 16:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | veritas_storage_foundation | 5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:veritas_storage_foundation:5.0:*:windows:*:*:*:*:*",
"matchCriteriaId": "10C7B114-73FB-4294-8E2E-94B5CB63750D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\\VxSvc\\CurrentVersion\\Schedules specifying future command execution."
},
{
"lang": "es",
"value": "El Servicio Scheduler (VxSchedService.exe) en Symantec Storage Foundation para Windows versi\u00f3n 5.0 permite a los atacantes remotos omitir la autenticaci\u00f3n y ejecutar c\u00f3digo arbitrario por medio de ciertas peticiones al socket service que crea valores de registro (1) PreScript o (2) PostScript bajo Veritas\\VxSvc CurrentVersion\\Schedules , especificando una ejecuci\u00f3n de comandos futura."
}
],
"id": "CVE-2007-2279",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-06-04T16:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36104"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25537"
},
{
"source": "cve@mitre.org",
"url": "http://seer.entsupport.symantec.com/docs/288627.htm"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/470562/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24194"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018188"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.01.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2035"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seer.entsupport.symantec.com/docs/288627.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/470562/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/2035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34680"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2011-0547 (GCVE-0-2011-0547)
Vulnerability from cvelistv5 – Published: 2011-08-19 21:00 – Updated: 2024-08-06 21:58
VLAI?
Summary
Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:25.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-264/"
},
{
"name": "HPSBUX02700",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
},
{
"name": "SSRT100506",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14792",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14792"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-263/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH165536"
},
{
"name": "49014",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49014"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110815_00"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-262/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-264/"
},
{
"name": "HPSBUX02700",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
},
{
"name": "SSRT100506",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14792",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14792"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-263/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH165536"
},
{
"name": "49014",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49014"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110815_00"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-262/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-264/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-264/"
},
{
"name": "HPSBUX02700",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
},
{
"name": "SSRT100506",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14792",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14792"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-263/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-263/"
},
{
"name": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH165536",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH165536"
},
{
"name": "49014",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49014"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110815_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110815_00"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-262/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-262/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0547",
"datePublished": "2011-08-19T21:00:00",
"dateReserved": "2011-01-20T00:00:00",
"dateUpdated": "2024-08-06T21:58:25.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3027 (GCVE-0-2009-3027)
Vulnerability from cvelistv5 – Published: 2009-12-11 16:00 – Updated: 2024-08-07 06:14
VLAI?
Summary
VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:56.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT090253",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.entsupport.symantec.com/docs/337930.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-098/"
},
{
"name": "ADV-2009-3467",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3467"
},
{
"name": "37637",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37637"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.entsupport.symantec.com/docs/337279.htm"
},
{
"name": "37012",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37012"
},
{
"name": "oval:org.mitre.oval:def:7986",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7986"
},
{
"name": "1023309",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023309"
},
{
"name": "60884",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/60884"
},
{
"name": "HPSBUX02480",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.entsupport.symantec.com/docs/337859.htm"
},
{
"name": "1023318",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023318"
},
{
"name": "37685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37685"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.entsupport.symantec.com/docs/337392.htm"
},
{
"name": "1023312",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023312"
},
{
"name": "37631",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37631"
},
{
"name": "ADV-2009-3483",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3483"
},
{
"name": "1023313",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023313"
},
{
"name": "multiple-symantec-vrtsweb-code-execution(54665)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54665"
},
{
"name": "20091209 ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/508358/100/0/threaded"
},
{
"name": "1023311",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023311"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.entsupport.symantec.com/docs/337293.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.entsupport.symantec.com/docs/336988.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091209_00"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SSRT090253",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.entsupport.symantec.com/docs/337930.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-098/"
},
{
"name": "ADV-2009-3467",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3467"
},
{
"name": "37637",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37637"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.entsupport.symantec.com/docs/337279.htm"
},
{
"name": "37012",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37012"
},
{
"name": "oval:org.mitre.oval:def:7986",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7986"
},
{
"name": "1023309",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023309"
},
{
"name": "60884",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/60884"
},
{
"name": "HPSBUX02480",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.entsupport.symantec.com/docs/337859.htm"
},
{
"name": "1023318",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023318"
},
{
"name": "37685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37685"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.entsupport.symantec.com/docs/337392.htm"
},
{
"name": "1023312",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023312"
},
{
"name": "37631",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37631"
},
{
"name": "ADV-2009-3483",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3483"
},
{
"name": "1023313",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023313"
},
{
"name": "multiple-symantec-vrtsweb-code-execution(54665)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54665"
},
{
"name": "20091209 ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/508358/100/0/threaded"
},
{
"name": "1023311",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023311"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.entsupport.symantec.com/docs/337293.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.entsupport.symantec.com/docs/336988.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091209_00"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT090253",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
},
{
"name": "http://seer.entsupport.symantec.com/docs/337930.htm",
"refsource": "CONFIRM",
"url": "http://seer.entsupport.symantec.com/docs/337930.htm"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-098/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-098/"
},
{
"name": "ADV-2009-3467",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3467"
},
{
"name": "37637",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37637"
},
{
"name": "http://seer.entsupport.symantec.com/docs/337279.htm",
"refsource": "CONFIRM",
"url": "http://seer.entsupport.symantec.com/docs/337279.htm"
},
{
"name": "37012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37012"
},
{
"name": "oval:org.mitre.oval:def:7986",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7986"
},
{
"name": "1023309",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023309"
},
{
"name": "60884",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60884"
},
{
"name": "HPSBUX02480",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
},
{
"name": "http://seer.entsupport.symantec.com/docs/337859.htm",
"refsource": "CONFIRM",
"url": "http://seer.entsupport.symantec.com/docs/337859.htm"
},
{
"name": "1023318",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023318"
},
{
"name": "37685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37685"
},
{
"name": "http://seer.entsupport.symantec.com/docs/337392.htm",
"refsource": "CONFIRM",
"url": "http://seer.entsupport.symantec.com/docs/337392.htm"
},
{
"name": "1023312",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023312"
},
{
"name": "37631",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37631"
},
{
"name": "ADV-2009-3483",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3483"
},
{
"name": "1023313",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023313"
},
{
"name": "multiple-symantec-vrtsweb-code-execution(54665)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54665"
},
{
"name": "20091209 ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508358/100/0/threaded"
},
{
"name": "1023311",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023311"
},
{
"name": "http://seer.entsupport.symantec.com/docs/337293.htm",
"refsource": "CONFIRM",
"url": "http://seer.entsupport.symantec.com/docs/337293.htm"
},
{
"name": "http://seer.entsupport.symantec.com/docs/336988.htm",
"refsource": "CONFIRM",
"url": "http://seer.entsupport.symantec.com/docs/336988.htm"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091209_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091209_00"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3027",
"datePublished": "2009-12-11T16:00:00",
"dateReserved": "2009-08-31T00:00:00",
"dateUpdated": "2024-08-07T06:14:56.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3703 (GCVE-0-2008-3703)
Vulnerability from cvelistv5 – Published: 2008-08-18 17:15 – Updated: 2024-08-07 09:45
VLAI?
Summary
The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31486",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31486"
},
{
"name": "20080814 SYM08-015_SFW_SecurityUpdateBypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495481"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-053/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.08.14a.html"
},
{
"name": "30596",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30596"
},
{
"name": "ADV-2008-2395",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2395"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.entsupport.symantec.com/docs/306386.htm"
},
{
"name": "vsf-vxschedservice-code-execution(44466)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44466"
},
{
"name": "4161",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4161"
},
{
"name": "20080814 ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495487/100/0/threaded"
},
{
"name": "1020699",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020699"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create \"snapshots schedules\" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31486",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31486"
},
{
"name": "20080814 SYM08-015_SFW_SecurityUpdateBypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495481"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-053/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.08.14a.html"
},
{
"name": "30596",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30596"
},
{
"name": "ADV-2008-2395",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2395"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.entsupport.symantec.com/docs/306386.htm"
},
{
"name": "vsf-vxschedservice-code-execution(44466)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44466"
},
{
"name": "4161",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4161"
},
{
"name": "20080814 ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495487/100/0/threaded"
},
{
"name": "1020699",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020699"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create \"snapshots schedules\" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31486",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31486"
},
{
"name": "20080814 SYM08-015_SFW_SecurityUpdateBypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495481"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-053/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-053/"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2008.08.14a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2008.08.14a.html"
},
{
"name": "30596",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30596"
},
{
"name": "ADV-2008-2395",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2395"
},
{
"name": "http://seer.entsupport.symantec.com/docs/306386.htm",
"refsource": "CONFIRM",
"url": "http://seer.entsupport.symantec.com/docs/306386.htm"
},
{
"name": "vsf-vxschedservice-code-execution(44466)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44466"
},
{
"name": "4161",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4161"
},
{
"name": "20080814 ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495487/100/0/threaded"
},
{
"name": "1020699",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020699"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3703",
"datePublished": "2008-08-18T17:15:00",
"dateReserved": "2008-08-18T00:00:00",
"dateUpdated": "2024-08-07T09:45:19.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0638 (GCVE-0-2008-0638)
Vulnerability from cvelistv5 – Published: 2008-02-21 20:00 – Updated: 2024-08-07 07:54
VLAI?
Summary
Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:22.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html"
},
{
"name": "1019459",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019459"
},
{
"name": "29050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29050"
},
{
"name": "25778",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25778"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html"
},
{
"name": "20080220 ZDI-08-007: Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488420/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html"
},
{
"name": "1019459",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019459"
},
{
"name": "29050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29050"
},
{
"name": "25778",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25778"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html"
},
{
"name": "20080220 ZDI-08-007: Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488420/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html"
},
{
"name": "1019459",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019459"
},
{
"name": "29050",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29050"
},
{
"name": "25778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25778"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html"
},
{
"name": "20080220 ZDI-08-007: Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488420/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0638",
"datePublished": "2008-02-21T20:00:00",
"dateReserved": "2008-02-06T00:00:00",
"dateUpdated": "2024-08-07T07:54:22.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2279 (GCVE-0-2007-2279)
Vulnerability from cvelistv5 – Published: 2007-06-04 16:00 – Updated: 2024-08-07 13:33
VLAI?
Summary
The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:28.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.01.html"
},
{
"name": "25537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25537"
},
{
"name": "20070605 TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470562/100/0/threaded"
},
{
"name": "1018188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018188"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.entsupport.symantec.com/docs/288627.htm"
},
{
"name": "36104",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36104"
},
{
"name": "24194",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24194"
},
{
"name": "ADV-2007-2035",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2035"
},
{
"name": "symantec-scheduler-security-bypass(34680)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34680"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\\VxSvc\\CurrentVersion\\Schedules specifying future command execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.01.html"
},
{
"name": "25537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25537"
},
{
"name": "20070605 TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470562/100/0/threaded"
},
{
"name": "1018188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018188"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.entsupport.symantec.com/docs/288627.htm"
},
{
"name": "36104",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36104"
},
{
"name": "24194",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24194"
},
{
"name": "ADV-2007-2035",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2035"
},
{
"name": "symantec-scheduler-security-bypass(34680)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34680"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\\VxSvc\\CurrentVersion\\Schedules specifying future command execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/avcenter/security/Content/2007.06.01.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.01.html"
},
{
"name": "25537",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25537"
},
{
"name": "20070605 TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470562/100/0/threaded"
},
{
"name": "1018188",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018188"
},
{
"name": "http://seer.entsupport.symantec.com/docs/288627.htm",
"refsource": "CONFIRM",
"url": "http://seer.entsupport.symantec.com/docs/288627.htm"
},
{
"name": "36104",
"refsource": "OSVDB",
"url": "http://osvdb.org/36104"
},
{
"name": "24194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24194"
},
{
"name": "ADV-2007-2035",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2035"
},
{
"name": "symantec-scheduler-security-bypass(34680)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34680"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2279",
"datePublished": "2007-06-04T16:00:00",
"dateReserved": "2007-04-26T00:00:00",
"dateUpdated": "2024-08-07T13:33:28.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0547 (GCVE-0-2011-0547)
Vulnerability from nvd – Published: 2011-08-19 21:00 – Updated: 2024-08-06 21:58
VLAI?
Summary
Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:58:25.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-264/"
},
{
"name": "HPSBUX02700",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
},
{
"name": "SSRT100506",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14792",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14792"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-263/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH165536"
},
{
"name": "49014",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49014"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110815_00"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-262/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-264/"
},
{
"name": "HPSBUX02700",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
},
{
"name": "SSRT100506",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14792",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14792"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-263/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH165536"
},
{
"name": "49014",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49014"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110815_00"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zerodayinitiative.com/advisories/ZDI-11-262/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-264/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-264/"
},
{
"name": "HPSBUX02700",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
},
{
"name": "SSRT100506",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
},
{
"name": "oval:org.mitre.oval:def:14792",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14792"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-263/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-263/"
},
{
"name": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH165536",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH165536"
},
{
"name": "49014",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49014"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110815_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110815_00"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-11-262/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-11-262/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0547",
"datePublished": "2011-08-19T21:00:00",
"dateReserved": "2011-01-20T00:00:00",
"dateUpdated": "2024-08-06T21:58:25.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3027 (GCVE-0-2009-3027)
Vulnerability from nvd – Published: 2009-12-11 16:00 – Updated: 2024-08-07 06:14
VLAI?
Summary
VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:56.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SSRT090253",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.entsupport.symantec.com/docs/337930.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-098/"
},
{
"name": "ADV-2009-3467",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3467"
},
{
"name": "37637",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37637"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.entsupport.symantec.com/docs/337279.htm"
},
{
"name": "37012",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37012"
},
{
"name": "oval:org.mitre.oval:def:7986",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7986"
},
{
"name": "1023309",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023309"
},
{
"name": "60884",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/60884"
},
{
"name": "HPSBUX02480",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.entsupport.symantec.com/docs/337859.htm"
},
{
"name": "1023318",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023318"
},
{
"name": "37685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37685"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.entsupport.symantec.com/docs/337392.htm"
},
{
"name": "1023312",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023312"
},
{
"name": "37631",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37631"
},
{
"name": "ADV-2009-3483",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3483"
},
{
"name": "1023313",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023313"
},
{
"name": "multiple-symantec-vrtsweb-code-execution(54665)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54665"
},
{
"name": "20091209 ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/508358/100/0/threaded"
},
{
"name": "1023311",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023311"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.entsupport.symantec.com/docs/337293.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.entsupport.symantec.com/docs/336988.htm"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091209_00"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SSRT090253",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.entsupport.symantec.com/docs/337930.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-098/"
},
{
"name": "ADV-2009-3467",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3467"
},
{
"name": "37637",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37637"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.entsupport.symantec.com/docs/337279.htm"
},
{
"name": "37012",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37012"
},
{
"name": "oval:org.mitre.oval:def:7986",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7986"
},
{
"name": "1023309",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023309"
},
{
"name": "60884",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/60884"
},
{
"name": "HPSBUX02480",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.entsupport.symantec.com/docs/337859.htm"
},
{
"name": "1023318",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023318"
},
{
"name": "37685",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37685"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.entsupport.symantec.com/docs/337392.htm"
},
{
"name": "1023312",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023312"
},
{
"name": "37631",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37631"
},
{
"name": "ADV-2009-3483",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3483"
},
{
"name": "1023313",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023313"
},
{
"name": "multiple-symantec-vrtsweb-code-execution(54665)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54665"
},
{
"name": "20091209 ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/508358/100/0/threaded"
},
{
"name": "1023311",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023311"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.entsupport.symantec.com/docs/337293.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.entsupport.symantec.com/docs/336988.htm"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091209_00"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT090253",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
},
{
"name": "http://seer.entsupport.symantec.com/docs/337930.htm",
"refsource": "CONFIRM",
"url": "http://seer.entsupport.symantec.com/docs/337930.htm"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-098/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-098/"
},
{
"name": "ADV-2009-3467",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3467"
},
{
"name": "37637",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37637"
},
{
"name": "http://seer.entsupport.symantec.com/docs/337279.htm",
"refsource": "CONFIRM",
"url": "http://seer.entsupport.symantec.com/docs/337279.htm"
},
{
"name": "37012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37012"
},
{
"name": "oval:org.mitre.oval:def:7986",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7986"
},
{
"name": "1023309",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023309"
},
{
"name": "60884",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60884"
},
{
"name": "HPSBUX02480",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
},
{
"name": "http://seer.entsupport.symantec.com/docs/337859.htm",
"refsource": "CONFIRM",
"url": "http://seer.entsupport.symantec.com/docs/337859.htm"
},
{
"name": "1023318",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023318"
},
{
"name": "37685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37685"
},
{
"name": "http://seer.entsupport.symantec.com/docs/337392.htm",
"refsource": "CONFIRM",
"url": "http://seer.entsupport.symantec.com/docs/337392.htm"
},
{
"name": "1023312",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023312"
},
{
"name": "37631",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37631"
},
{
"name": "ADV-2009-3483",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3483"
},
{
"name": "1023313",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023313"
},
{
"name": "multiple-symantec-vrtsweb-code-execution(54665)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54665"
},
{
"name": "20091209 ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508358/100/0/threaded"
},
{
"name": "1023311",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023311"
},
{
"name": "http://seer.entsupport.symantec.com/docs/337293.htm",
"refsource": "CONFIRM",
"url": "http://seer.entsupport.symantec.com/docs/337293.htm"
},
{
"name": "http://seer.entsupport.symantec.com/docs/336988.htm",
"refsource": "CONFIRM",
"url": "http://seer.entsupport.symantec.com/docs/336988.htm"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091209_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091209_00"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3027",
"datePublished": "2009-12-11T16:00:00",
"dateReserved": "2009-08-31T00:00:00",
"dateUpdated": "2024-08-07T06:14:56.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3703 (GCVE-0-2008-3703)
Vulnerability from nvd – Published: 2008-08-18 17:15 – Updated: 2024-08-07 09:45
VLAI?
Summary
The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.186Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31486",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31486"
},
{
"name": "20080814 SYM08-015_SFW_SecurityUpdateBypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495481"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-053/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.08.14a.html"
},
{
"name": "30596",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30596"
},
{
"name": "ADV-2008-2395",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2395"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.entsupport.symantec.com/docs/306386.htm"
},
{
"name": "vsf-vxschedservice-code-execution(44466)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44466"
},
{
"name": "4161",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4161"
},
{
"name": "20080814 ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495487/100/0/threaded"
},
{
"name": "1020699",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1020699"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create \"snapshots schedules\" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31486",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31486"
},
{
"name": "20080814 SYM08-015_SFW_SecurityUpdateBypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495481"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-053/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.08.14a.html"
},
{
"name": "30596",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30596"
},
{
"name": "ADV-2008-2395",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2395"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.entsupport.symantec.com/docs/306386.htm"
},
{
"name": "vsf-vxschedservice-code-execution(44466)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44466"
},
{
"name": "4161",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4161"
},
{
"name": "20080814 ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495487/100/0/threaded"
},
{
"name": "1020699",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1020699"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create \"snapshots schedules\" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31486",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31486"
},
{
"name": "20080814 SYM08-015_SFW_SecurityUpdateBypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495481"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-053/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-053/"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2008.08.14a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2008.08.14a.html"
},
{
"name": "30596",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30596"
},
{
"name": "ADV-2008-2395",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2395"
},
{
"name": "http://seer.entsupport.symantec.com/docs/306386.htm",
"refsource": "CONFIRM",
"url": "http://seer.entsupport.symantec.com/docs/306386.htm"
},
{
"name": "vsf-vxschedservice-code-execution(44466)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44466"
},
{
"name": "4161",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4161"
},
{
"name": "20080814 ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495487/100/0/threaded"
},
{
"name": "1020699",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020699"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3703",
"datePublished": "2008-08-18T17:15:00",
"dateReserved": "2008-08-18T00:00:00",
"dateUpdated": "2024-08-07T09:45:19.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0638 (GCVE-0-2008-0638)
Vulnerability from nvd – Published: 2008-02-21 20:00 – Updated: 2024-08-07 07:54
VLAI?
Summary
Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:22.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html"
},
{
"name": "1019459",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019459"
},
{
"name": "29050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29050"
},
{
"name": "25778",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25778"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html"
},
{
"name": "20080220 ZDI-08-007: Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488420/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html"
},
{
"name": "1019459",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019459"
},
{
"name": "29050",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29050"
},
{
"name": "25778",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25778"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html"
},
{
"name": "20080220 ZDI-08-007: Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488420/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html"
},
{
"name": "1019459",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019459"
},
{
"name": "29050",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29050"
},
{
"name": "25778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25778"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html"
},
{
"name": "20080220 ZDI-08-007: Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488420/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0638",
"datePublished": "2008-02-21T20:00:00",
"dateReserved": "2008-02-06T00:00:00",
"dateUpdated": "2024-08-07T07:54:22.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2279 (GCVE-0-2007-2279)
Vulnerability from nvd – Published: 2007-06-04 16:00 – Updated: 2024-08-07 13:33
VLAI?
Summary
The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:33:28.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.01.html"
},
{
"name": "25537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25537"
},
{
"name": "20070605 TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/470562/100/0/threaded"
},
{
"name": "1018188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018188"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://seer.entsupport.symantec.com/docs/288627.htm"
},
{
"name": "36104",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36104"
},
{
"name": "24194",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24194"
},
{
"name": "ADV-2007-2035",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2035"
},
{
"name": "symantec-scheduler-security-bypass(34680)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34680"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\\VxSvc\\CurrentVersion\\Schedules specifying future command execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.01.html"
},
{
"name": "25537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25537"
},
{
"name": "20070605 TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/470562/100/0/threaded"
},
{
"name": "1018188",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018188"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://seer.entsupport.symantec.com/docs/288627.htm"
},
{
"name": "36104",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36104"
},
{
"name": "24194",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24194"
},
{
"name": "ADV-2007-2035",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2035"
},
{
"name": "symantec-scheduler-security-bypass(34680)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34680"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\\VxSvc\\CurrentVersion\\Schedules specifying future command execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/avcenter/security/Content/2007.06.01.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2007.06.01.html"
},
{
"name": "25537",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25537"
},
{
"name": "20070605 TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/470562/100/0/threaded"
},
{
"name": "1018188",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018188"
},
{
"name": "http://seer.entsupport.symantec.com/docs/288627.htm",
"refsource": "CONFIRM",
"url": "http://seer.entsupport.symantec.com/docs/288627.htm"
},
{
"name": "36104",
"refsource": "OSVDB",
"url": "http://osvdb.org/36104"
},
{
"name": "24194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24194"
},
{
"name": "ADV-2007-2035",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2035"
},
{
"name": "symantec-scheduler-security-bypass(34680)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34680"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2279",
"datePublished": "2007-06-04T16:00:00",
"dateReserved": "2007-04-26T00:00:00",
"dateUpdated": "2024-08-07T13:33:28.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}