Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for veritas_storage_foundation by symantec

    CVE-2011-0547 (GCVE-0-2011-0547)

    Vulnerability from nvd – Published: 2011-08-19 21:00 – Updated: 2024-08-06 21:58
    VLAI
    Summary
    Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-08-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:58:25.549Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://zerodayinitiative.com/advisories/ZDI-11-264/"
              },
              {
                "name": "HPSBUX02700",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
              },
              {
                "name": "SSRT100506",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
              },
              {
                "name": "oval:org.mitre.oval:def:14792",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14792"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://zerodayinitiative.com/advisories/ZDI-11-263/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH165536"
              },
              {
                "name": "49014",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/49014"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110815_00"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://zerodayinitiative.com/advisories/ZDI-11-262/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://zerodayinitiative.com/advisories/ZDI-11-264/"
            },
            {
              "name": "HPSBUX02700",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
            },
            {
              "name": "SSRT100506",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:14792",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14792"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://zerodayinitiative.com/advisories/ZDI-11-263/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH165536"
            },
            {
              "name": "49014",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/49014"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110815_00"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://zerodayinitiative.com/advisories/ZDI-11-262/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0547",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://zerodayinitiative.com/advisories/ZDI-11-264/",
                  "refsource": "MISC",
                  "url": "http://zerodayinitiative.com/advisories/ZDI-11-264/"
                },
                {
                  "name": "HPSBUX02700",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
                },
                {
                  "name": "SSRT100506",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
                },
                {
                  "name": "oval:org.mitre.oval:def:14792",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14792"
                },
                {
                  "name": "http://zerodayinitiative.com/advisories/ZDI-11-263/",
                  "refsource": "MISC",
                  "url": "http://zerodayinitiative.com/advisories/ZDI-11-263/"
                },
                {
                  "name": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH165536",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH165536"
                },
                {
                  "name": "49014",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/49014"
                },
                {
                  "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110815_00",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110815_00"
                },
                {
                  "name": "http://zerodayinitiative.com/advisories/ZDI-11-262/",
                  "refsource": "MISC",
                  "url": "http://zerodayinitiative.com/advisories/ZDI-11-262/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0547",
        "datePublished": "2011-08-19T21:00:00.000Z",
        "dateReserved": "2011-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:58:25.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3027 (GCVE-0-2009-3027)

    Vulnerability from nvd – Published: 2009-12-11 16:00 – Updated: 2024-08-07 06:14
    VLAI
    Summary
    VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://marc.info/?l=bugtraq&m=126046186917330&w=2 vendor-advisoryx_refsource_HP
    http://seer.entsupport.symantec.com/docs/337930.htm x_refsource_CONFIRM
    http://www.zerodayinitiative.com/advisories/ZDI-09-098/ x_refsource_MISC
    http://www.vupen.com/english/advisories/2009/3467 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/37637 third-party-advisoryx_refsource_SECUNIA
    http://seer.entsupport.symantec.com/docs/337279.htm x_refsource_CONFIRM
    http://www.securityfocus.com/bid/37012 vdb-entryx_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://securitytracker.com/id?1023309 vdb-entryx_refsource_SECTRACK
    http://www.osvdb.org/60884 vdb-entryx_refsource_OSVDB
    http://seer.entsupport.symantec.com/docs/337859.htm x_refsource_CONFIRM
    http://www.securitytracker.com/id?1023318 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/37685 third-party-advisoryx_refsource_SECUNIA
    http://seer.entsupport.symantec.com/docs/337392.htm x_refsource_CONFIRM
    http://securitytracker.com/id?1023312 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/37631 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/3483 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1023313 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/508358/100… mailing-listx_refsource_BUGTRAQ
    http://www.securitytracker.com/id?1023311 vdb-entryx_refsource_SECTRACK
    http://seer.entsupport.symantec.com/docs/337293.htm x_refsource_CONFIRM
    http://seer.entsupport.symantec.com/docs/336988.htm x_refsource_CONFIRM
    http://www.symantec.com/security_response/securit… x_refsource_CONFIRM
    Date Public
    2009-12-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:14:56.480Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SSRT090253",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seer.entsupport.symantec.com/docs/337930.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-098/"
              },
              {
                "name": "ADV-2009-3467",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3467"
              },
              {
                "name": "37637",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37637"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seer.entsupport.symantec.com/docs/337279.htm"
              },
              {
                "name": "37012",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/37012"
              },
              {
                "name": "oval:org.mitre.oval:def:7986",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7986"
              },
              {
                "name": "1023309",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1023309"
              },
              {
                "name": "60884",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/60884"
              },
              {
                "name": "HPSBUX02480",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seer.entsupport.symantec.com/docs/337859.htm"
              },
              {
                "name": "1023318",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1023318"
              },
              {
                "name": "37685",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37685"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seer.entsupport.symantec.com/docs/337392.htm"
              },
              {
                "name": "1023312",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1023312"
              },
              {
                "name": "37631",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37631"
              },
              {
                "name": "ADV-2009-3483",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3483"
              },
              {
                "name": "1023313",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1023313"
              },
              {
                "name": "multiple-symantec-vrtsweb-code-execution(54665)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54665"
              },
              {
                "name": "20091209 ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/508358/100/0/threaded"
              },
              {
                "name": "1023311",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1023311"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seer.entsupport.symantec.com/docs/337293.htm"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seer.entsupport.symantec.com/docs/336988.htm"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091209_00"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-12-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SSRT090253",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seer.entsupport.symantec.com/docs/337930.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-098/"
            },
            {
              "name": "ADV-2009-3467",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3467"
            },
            {
              "name": "37637",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37637"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seer.entsupport.symantec.com/docs/337279.htm"
            },
            {
              "name": "37012",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/37012"
            },
            {
              "name": "oval:org.mitre.oval:def:7986",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7986"
            },
            {
              "name": "1023309",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1023309"
            },
            {
              "name": "60884",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/60884"
            },
            {
              "name": "HPSBUX02480",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seer.entsupport.symantec.com/docs/337859.htm"
            },
            {
              "name": "1023318",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1023318"
            },
            {
              "name": "37685",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37685"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seer.entsupport.symantec.com/docs/337392.htm"
            },
            {
              "name": "1023312",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1023312"
            },
            {
              "name": "37631",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37631"
            },
            {
              "name": "ADV-2009-3483",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3483"
            },
            {
              "name": "1023313",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1023313"
            },
            {
              "name": "multiple-symantec-vrtsweb-code-execution(54665)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54665"
            },
            {
              "name": "20091209 ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/508358/100/0/threaded"
            },
            {
              "name": "1023311",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1023311"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seer.entsupport.symantec.com/docs/337293.htm"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seer.entsupport.symantec.com/docs/336988.htm"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091209_00"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3027",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SSRT090253",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
                },
                {
                  "name": "http://seer.entsupport.symantec.com/docs/337930.htm",
                  "refsource": "CONFIRM",
                  "url": "http://seer.entsupport.symantec.com/docs/337930.htm"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-098/",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-098/"
                },
                {
                  "name": "ADV-2009-3467",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3467"
                },
                {
                  "name": "37637",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37637"
                },
                {
                  "name": "http://seer.entsupport.symantec.com/docs/337279.htm",
                  "refsource": "CONFIRM",
                  "url": "http://seer.entsupport.symantec.com/docs/337279.htm"
                },
                {
                  "name": "37012",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/37012"
                },
                {
                  "name": "oval:org.mitre.oval:def:7986",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7986"
                },
                {
                  "name": "1023309",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1023309"
                },
                {
                  "name": "60884",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/60884"
                },
                {
                  "name": "HPSBUX02480",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
                },
                {
                  "name": "http://seer.entsupport.symantec.com/docs/337859.htm",
                  "refsource": "CONFIRM",
                  "url": "http://seer.entsupport.symantec.com/docs/337859.htm"
                },
                {
                  "name": "1023318",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1023318"
                },
                {
                  "name": "37685",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37685"
                },
                {
                  "name": "http://seer.entsupport.symantec.com/docs/337392.htm",
                  "refsource": "CONFIRM",
                  "url": "http://seer.entsupport.symantec.com/docs/337392.htm"
                },
                {
                  "name": "1023312",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1023312"
                },
                {
                  "name": "37631",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37631"
                },
                {
                  "name": "ADV-2009-3483",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3483"
                },
                {
                  "name": "1023313",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1023313"
                },
                {
                  "name": "multiple-symantec-vrtsweb-code-execution(54665)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54665"
                },
                {
                  "name": "20091209 ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/508358/100/0/threaded"
                },
                {
                  "name": "1023311",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1023311"
                },
                {
                  "name": "http://seer.entsupport.symantec.com/docs/337293.htm",
                  "refsource": "CONFIRM",
                  "url": "http://seer.entsupport.symantec.com/docs/337293.htm"
                },
                {
                  "name": "http://seer.entsupport.symantec.com/docs/336988.htm",
                  "refsource": "CONFIRM",
                  "url": "http://seer.entsupport.symantec.com/docs/336988.htm"
                },
                {
                  "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091209_00",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091209_00"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3027",
        "datePublished": "2009-12-11T16:00:00.000Z",
        "dateReserved": "2009-08-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:14:56.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3703 (GCVE-0-2008-3703)

    Vulnerability from nvd – Published: 2008-08-18 17:15 – Updated: 2024-08-07 09:45
    VLAI
    Summary
    The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-08-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:45:19.186Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "31486",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31486"
              },
              {
                "name": "20080814 SYM08-015_SFW_SecurityUpdateBypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/495481"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-053/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/avcenter/security/Content/2008.08.14a.html"
              },
              {
                "name": "30596",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30596"
              },
              {
                "name": "ADV-2008-2395",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2395"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seer.entsupport.symantec.com/docs/306386.htm"
              },
              {
                "name": "vsf-vxschedservice-code-execution(44466)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44466"
              },
              {
                "name": "4161",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4161"
              },
              {
                "name": "20080814 ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/495487/100/0/threaded"
              },
              {
                "name": "1020699",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020699"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-08-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create \"snapshots schedules\" registry values specifying future command execution.  NOTE: this issue exists because of an incomplete fix for CVE-2007-2279."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "31486",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31486"
            },
            {
              "name": "20080814 SYM08-015_SFW_SecurityUpdateBypass",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/495481"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-053/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/avcenter/security/Content/2008.08.14a.html"
            },
            {
              "name": "30596",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30596"
            },
            {
              "name": "ADV-2008-2395",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2395"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seer.entsupport.symantec.com/docs/306386.htm"
            },
            {
              "name": "vsf-vxschedservice-code-execution(44466)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44466"
            },
            {
              "name": "4161",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4161"
            },
            {
              "name": "20080814 ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/495487/100/0/threaded"
            },
            {
              "name": "1020699",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020699"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3703",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create \"snapshots schedules\" registry values specifying future command execution.  NOTE: this issue exists because of an incomplete fix for CVE-2007-2279."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "31486",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31486"
                },
                {
                  "name": "20080814 SYM08-015_SFW_SecurityUpdateBypass",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/495481"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-053/",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-053/"
                },
                {
                  "name": "http://www.symantec.com/avcenter/security/Content/2008.08.14a.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/avcenter/security/Content/2008.08.14a.html"
                },
                {
                  "name": "30596",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30596"
                },
                {
                  "name": "ADV-2008-2395",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2395"
                },
                {
                  "name": "http://seer.entsupport.symantec.com/docs/306386.htm",
                  "refsource": "CONFIRM",
                  "url": "http://seer.entsupport.symantec.com/docs/306386.htm"
                },
                {
                  "name": "vsf-vxschedservice-code-execution(44466)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44466"
                },
                {
                  "name": "4161",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4161"
                },
                {
                  "name": "20080814 ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/495487/100/0/threaded"
                },
                {
                  "name": "1020699",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020699"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3703",
        "datePublished": "2008-08-18T17:15:00.000Z",
        "dateReserved": "2008-08-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:45:19.186Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0638 (GCVE-0-2008-0638)

    Vulnerability from nvd – Published: 2008-02-21 20:00 – Updated: 2024-08-07 07:54
    VLAI
    Summary
    Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.symantec.com/avcenter/security/Content… x_refsource_CONFIRM
    http://securitytracker.com/id?1019459 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/29050 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/25778 vdb-entryx_refsource_BID
    http://www.zerodayinitiative.com/advisories/ZDI-0… x_refsource_MISC
    http://www.securityfocus.com/archive/1/488420/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2008-02-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:54:22.473Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html"
              },
              {
                "name": "1019459",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019459"
              },
              {
                "name": "29050",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29050"
              },
              {
                "name": "25778",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25778"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html"
              },
              {
                "name": "20080220 ZDI-08-007: Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/488420/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html"
            },
            {
              "name": "1019459",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019459"
            },
            {
              "name": "29050",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29050"
            },
            {
              "name": "25778",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25778"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html"
            },
            {
              "name": "20080220 ZDI-08-007: Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/488420/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0638",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html"
                },
                {
                  "name": "1019459",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019459"
                },
                {
                  "name": "29050",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29050"
                },
                {
                  "name": "25778",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25778"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html"
                },
                {
                  "name": "20080220 ZDI-08-007: Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/488420/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0638",
        "datePublished": "2008-02-21T20:00:00.000Z",
        "dateReserved": "2008-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:54:22.473Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2279 (GCVE-0-2007-2279)

    Vulnerability from nvd – Published: 2007-06-04 16:00 – Updated: 2024-08-07 13:33
    VLAI
    Summary
    The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.symantec.com/avcenter/security/Content… x_refsource_CONFIRM
    http://secunia.com/advisories/25537 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/470562/100… mailing-listx_refsource_BUGTRAQ
    http://www.securitytracker.com/id?1018188 vdb-entryx_refsource_SECTRACK
    http://seer.entsupport.symantec.com/docs/288627.htm x_refsource_CONFIRM
    http://osvdb.org/36104 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/24194 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2007/2035 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2007-06-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:33:28.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/avcenter/security/Content/2007.06.01.html"
              },
              {
                "name": "25537",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25537"
              },
              {
                "name": "20070605 TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/470562/100/0/threaded"
              },
              {
                "name": "1018188",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018188"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seer.entsupport.symantec.com/docs/288627.htm"
              },
              {
                "name": "36104",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/36104"
              },
              {
                "name": "24194",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24194"
              },
              {
                "name": "ADV-2007-2035",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2035"
              },
              {
                "name": "symantec-scheduler-security-bypass(34680)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34680"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-06-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\\VxSvc\\CurrentVersion\\Schedules specifying future command execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/avcenter/security/Content/2007.06.01.html"
            },
            {
              "name": "25537",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25537"
            },
            {
              "name": "20070605 TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/470562/100/0/threaded"
            },
            {
              "name": "1018188",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018188"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seer.entsupport.symantec.com/docs/288627.htm"
            },
            {
              "name": "36104",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/36104"
            },
            {
              "name": "24194",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24194"
            },
            {
              "name": "ADV-2007-2035",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2035"
            },
            {
              "name": "symantec-scheduler-security-bypass(34680)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34680"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2279",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\\VxSvc\\CurrentVersion\\Schedules specifying future command execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.symantec.com/avcenter/security/Content/2007.06.01.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/avcenter/security/Content/2007.06.01.html"
                },
                {
                  "name": "25537",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25537"
                },
                {
                  "name": "20070605 TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/470562/100/0/threaded"
                },
                {
                  "name": "1018188",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018188"
                },
                {
                  "name": "http://seer.entsupport.symantec.com/docs/288627.htm",
                  "refsource": "CONFIRM",
                  "url": "http://seer.entsupport.symantec.com/docs/288627.htm"
                },
                {
                  "name": "36104",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/36104"
                },
                {
                  "name": "24194",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24194"
                },
                {
                  "name": "ADV-2007-2035",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2035"
                },
                {
                  "name": "symantec-scheduler-security-bypass(34680)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34680"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2279",
        "datePublished": "2007-06-04T16:00:00.000Z",
        "dateReserved": "2007-04-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:33:28.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0547 (GCVE-0-2011-0547)

    Vulnerability from cvelistv5 – Published: 2011-08-19 21:00 – Updated: 2024-08-06 21:58
    VLAI
    Summary
    Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2011-08-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:58:25.549Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://zerodayinitiative.com/advisories/ZDI-11-264/"
              },
              {
                "name": "HPSBUX02700",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
              },
              {
                "name": "SSRT100506",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
              },
              {
                "name": "oval:org.mitre.oval:def:14792",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14792"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://zerodayinitiative.com/advisories/ZDI-11-263/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH165536"
              },
              {
                "name": "49014",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/49014"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110815_00"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://zerodayinitiative.com/advisories/ZDI-11-262/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-18T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://zerodayinitiative.com/advisories/ZDI-11-264/"
            },
            {
              "name": "HPSBUX02700",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
            },
            {
              "name": "SSRT100506",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:14792",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14792"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://zerodayinitiative.com/advisories/ZDI-11-263/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH165536"
            },
            {
              "name": "49014",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/49014"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110815_00"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://zerodayinitiative.com/advisories/ZDI-11-262/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0547",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://zerodayinitiative.com/advisories/ZDI-11-264/",
                  "refsource": "MISC",
                  "url": "http://zerodayinitiative.com/advisories/ZDI-11-264/"
                },
                {
                  "name": "HPSBUX02700",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
                },
                {
                  "name": "SSRT100506",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=131955939603667\u0026w=2"
                },
                {
                  "name": "oval:org.mitre.oval:def:14792",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14792"
                },
                {
                  "name": "http://zerodayinitiative.com/advisories/ZDI-11-263/",
                  "refsource": "MISC",
                  "url": "http://zerodayinitiative.com/advisories/ZDI-11-263/"
                },
                {
                  "name": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH165536",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/business/support/index?page=content\u0026id=TECH165536"
                },
                {
                  "name": "49014",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/49014"
                },
                {
                  "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110815_00",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2011\u0026suid=20110815_00"
                },
                {
                  "name": "http://zerodayinitiative.com/advisories/ZDI-11-262/",
                  "refsource": "MISC",
                  "url": "http://zerodayinitiative.com/advisories/ZDI-11-262/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0547",
        "datePublished": "2011-08-19T21:00:00.000Z",
        "dateReserved": "2011-01-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:58:25.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-3027 (GCVE-0-2009-3027)

    Vulnerability from cvelistv5 – Published: 2009-12-11 16:00 – Updated: 2024-08-07 06:14
    VLAI
    Summary
    VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://marc.info/?l=bugtraq&m=126046186917330&w=2 vendor-advisoryx_refsource_HP
    http://seer.entsupport.symantec.com/docs/337930.htm x_refsource_CONFIRM
    http://www.zerodayinitiative.com/advisories/ZDI-09-098/ x_refsource_MISC
    http://www.vupen.com/english/advisories/2009/3467 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/37637 third-party-advisoryx_refsource_SECUNIA
    http://seer.entsupport.symantec.com/docs/337279.htm x_refsource_CONFIRM
    http://www.securityfocus.com/bid/37012 vdb-entryx_refsource_BID
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://securitytracker.com/id?1023309 vdb-entryx_refsource_SECTRACK
    http://www.osvdb.org/60884 vdb-entryx_refsource_OSVDB
    http://seer.entsupport.symantec.com/docs/337859.htm x_refsource_CONFIRM
    http://www.securitytracker.com/id?1023318 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/37685 third-party-advisoryx_refsource_SECUNIA
    http://seer.entsupport.symantec.com/docs/337392.htm x_refsource_CONFIRM
    http://securitytracker.com/id?1023312 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/37631 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2009/3483 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1023313 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/508358/100… mailing-listx_refsource_BUGTRAQ
    http://www.securitytracker.com/id?1023311 vdb-entryx_refsource_SECTRACK
    http://seer.entsupport.symantec.com/docs/337293.htm x_refsource_CONFIRM
    http://seer.entsupport.symantec.com/docs/336988.htm x_refsource_CONFIRM
    http://www.symantec.com/security_response/securit… x_refsource_CONFIRM
    Date Public
    2009-12-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:14:56.480Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SSRT090253",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seer.entsupport.symantec.com/docs/337930.htm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-098/"
              },
              {
                "name": "ADV-2009-3467",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3467"
              },
              {
                "name": "37637",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37637"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seer.entsupport.symantec.com/docs/337279.htm"
              },
              {
                "name": "37012",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/37012"
              },
              {
                "name": "oval:org.mitre.oval:def:7986",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7986"
              },
              {
                "name": "1023309",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1023309"
              },
              {
                "name": "60884",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/60884"
              },
              {
                "name": "HPSBUX02480",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seer.entsupport.symantec.com/docs/337859.htm"
              },
              {
                "name": "1023318",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1023318"
              },
              {
                "name": "37685",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37685"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seer.entsupport.symantec.com/docs/337392.htm"
              },
              {
                "name": "1023312",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1023312"
              },
              {
                "name": "37631",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37631"
              },
              {
                "name": "ADV-2009-3483",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3483"
              },
              {
                "name": "1023313",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1023313"
              },
              {
                "name": "multiple-symantec-vrtsweb-code-execution(54665)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54665"
              },
              {
                "name": "20091209 ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/508358/100/0/threaded"
              },
              {
                "name": "1023311",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1023311"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seer.entsupport.symantec.com/docs/337293.htm"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seer.entsupport.symantec.com/docs/336988.htm"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091209_00"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-12-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "SSRT090253",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seer.entsupport.symantec.com/docs/337930.htm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-098/"
            },
            {
              "name": "ADV-2009-3467",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3467"
            },
            {
              "name": "37637",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37637"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seer.entsupport.symantec.com/docs/337279.htm"
            },
            {
              "name": "37012",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/37012"
            },
            {
              "name": "oval:org.mitre.oval:def:7986",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7986"
            },
            {
              "name": "1023309",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1023309"
            },
            {
              "name": "60884",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/60884"
            },
            {
              "name": "HPSBUX02480",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seer.entsupport.symantec.com/docs/337859.htm"
            },
            {
              "name": "1023318",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1023318"
            },
            {
              "name": "37685",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37685"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seer.entsupport.symantec.com/docs/337392.htm"
            },
            {
              "name": "1023312",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1023312"
            },
            {
              "name": "37631",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37631"
            },
            {
              "name": "ADV-2009-3483",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3483"
            },
            {
              "name": "1023313",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1023313"
            },
            {
              "name": "multiple-symantec-vrtsweb-code-execution(54665)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54665"
            },
            {
              "name": "20091209 ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/508358/100/0/threaded"
            },
            {
              "name": "1023311",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1023311"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seer.entsupport.symantec.com/docs/337293.htm"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seer.entsupport.symantec.com/docs/336988.htm"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091209_00"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-3027",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "SSRT090253",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
                },
                {
                  "name": "http://seer.entsupport.symantec.com/docs/337930.htm",
                  "refsource": "CONFIRM",
                  "url": "http://seer.entsupport.symantec.com/docs/337930.htm"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-098/",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-098/"
                },
                {
                  "name": "ADV-2009-3467",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3467"
                },
                {
                  "name": "37637",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37637"
                },
                {
                  "name": "http://seer.entsupport.symantec.com/docs/337279.htm",
                  "refsource": "CONFIRM",
                  "url": "http://seer.entsupport.symantec.com/docs/337279.htm"
                },
                {
                  "name": "37012",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/37012"
                },
                {
                  "name": "oval:org.mitre.oval:def:7986",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7986"
                },
                {
                  "name": "1023309",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1023309"
                },
                {
                  "name": "60884",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/60884"
                },
                {
                  "name": "HPSBUX02480",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=126046186917330\u0026w=2"
                },
                {
                  "name": "http://seer.entsupport.symantec.com/docs/337859.htm",
                  "refsource": "CONFIRM",
                  "url": "http://seer.entsupport.symantec.com/docs/337859.htm"
                },
                {
                  "name": "1023318",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1023318"
                },
                {
                  "name": "37685",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37685"
                },
                {
                  "name": "http://seer.entsupport.symantec.com/docs/337392.htm",
                  "refsource": "CONFIRM",
                  "url": "http://seer.entsupport.symantec.com/docs/337392.htm"
                },
                {
                  "name": "1023312",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1023312"
                },
                {
                  "name": "37631",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37631"
                },
                {
                  "name": "ADV-2009-3483",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/3483"
                },
                {
                  "name": "1023313",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1023313"
                },
                {
                  "name": "multiple-symantec-vrtsweb-code-execution(54665)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54665"
                },
                {
                  "name": "20091209 ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/508358/100/0/threaded"
                },
                {
                  "name": "1023311",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1023311"
                },
                {
                  "name": "http://seer.entsupport.symantec.com/docs/337293.htm",
                  "refsource": "CONFIRM",
                  "url": "http://seer.entsupport.symantec.com/docs/337293.htm"
                },
                {
                  "name": "http://seer.entsupport.symantec.com/docs/336988.htm",
                  "refsource": "CONFIRM",
                  "url": "http://seer.entsupport.symantec.com/docs/336988.htm"
                },
                {
                  "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091209_00",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20091209_00"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-3027",
        "datePublished": "2009-12-11T16:00:00.000Z",
        "dateReserved": "2009-08-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:14:56.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-3703 (GCVE-0-2008-3703)

    Vulnerability from cvelistv5 – Published: 2008-08-18 17:15 – Updated: 2024-08-07 09:45
    VLAI
    Summary
    The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-08-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T09:45:19.186Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "31486",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31486"
              },
              {
                "name": "20080814 SYM08-015_SFW_SecurityUpdateBypass",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/495481"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-053/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/avcenter/security/Content/2008.08.14a.html"
              },
              {
                "name": "30596",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/30596"
              },
              {
                "name": "ADV-2008-2395",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/2395"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seer.entsupport.symantec.com/docs/306386.htm"
              },
              {
                "name": "vsf-vxschedservice-code-execution(44466)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44466"
              },
              {
                "name": "4161",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4161"
              },
              {
                "name": "20080814 ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/495487/100/0/threaded"
              },
              {
                "name": "1020699",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1020699"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-08-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create \"snapshots schedules\" registry values specifying future command execution.  NOTE: this issue exists because of an incomplete fix for CVE-2007-2279."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "31486",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31486"
            },
            {
              "name": "20080814 SYM08-015_SFW_SecurityUpdateBypass",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/495481"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-053/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/avcenter/security/Content/2008.08.14a.html"
            },
            {
              "name": "30596",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/30596"
            },
            {
              "name": "ADV-2008-2395",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2395"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seer.entsupport.symantec.com/docs/306386.htm"
            },
            {
              "name": "vsf-vxschedservice-code-execution(44466)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44466"
            },
            {
              "name": "4161",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4161"
            },
            {
              "name": "20080814 ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/495487/100/0/threaded"
            },
            {
              "name": "1020699",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1020699"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-3703",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create \"snapshots schedules\" registry values specifying future command execution.  NOTE: this issue exists because of an incomplete fix for CVE-2007-2279."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "31486",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31486"
                },
                {
                  "name": "20080814 SYM08-015_SFW_SecurityUpdateBypass",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/495481"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-053/",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-053/"
                },
                {
                  "name": "http://www.symantec.com/avcenter/security/Content/2008.08.14a.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/avcenter/security/Content/2008.08.14a.html"
                },
                {
                  "name": "30596",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/30596"
                },
                {
                  "name": "ADV-2008-2395",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/2395"
                },
                {
                  "name": "http://seer.entsupport.symantec.com/docs/306386.htm",
                  "refsource": "CONFIRM",
                  "url": "http://seer.entsupport.symantec.com/docs/306386.htm"
                },
                {
                  "name": "vsf-vxschedservice-code-execution(44466)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44466"
                },
                {
                  "name": "4161",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4161"
                },
                {
                  "name": "20080814 ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/495487/100/0/threaded"
                },
                {
                  "name": "1020699",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1020699"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-3703",
        "datePublished": "2008-08-18T17:15:00.000Z",
        "dateReserved": "2008-08-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T09:45:19.186Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0638 (GCVE-0-2008-0638)

    Vulnerability from cvelistv5 – Published: 2008-02-21 20:00 – Updated: 2024-08-07 07:54
    VLAI
    Summary
    Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.symantec.com/avcenter/security/Content… x_refsource_CONFIRM
    http://securitytracker.com/id?1019459 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/29050 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/25778 vdb-entryx_refsource_BID
    http://www.zerodayinitiative.com/advisories/ZDI-0… x_refsource_MISC
    http://www.securityfocus.com/archive/1/488420/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2008-02-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:54:22.473Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html"
              },
              {
                "name": "1019459",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019459"
              },
              {
                "name": "29050",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29050"
              },
              {
                "name": "25778",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25778"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html"
              },
              {
                "name": "20080220 ZDI-08-007: Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/488420/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-02-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html"
            },
            {
              "name": "1019459",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019459"
            },
            {
              "name": "29050",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29050"
            },
            {
              "name": "25778",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25778"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html"
            },
            {
              "name": "20080220 ZDI-08-007: Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/488420/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0638",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/avcenter/security/Content/2008.02.20a.html"
                },
                {
                  "name": "1019459",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019459"
                },
                {
                  "name": "29050",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29050"
                },
                {
                  "name": "25778",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25778"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-007.html"
                },
                {
                  "name": "20080220 ZDI-08-007: Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/488420/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0638",
        "datePublished": "2008-02-21T20:00:00.000Z",
        "dateReserved": "2008-02-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:54:22.473Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2279 (GCVE-0-2007-2279)

    Vulnerability from cvelistv5 – Published: 2007-06-04 16:00 – Updated: 2024-08-07 13:33
    VLAI
    Summary
    The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.symantec.com/avcenter/security/Content… x_refsource_CONFIRM
    http://secunia.com/advisories/25537 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/470562/100… mailing-listx_refsource_BUGTRAQ
    http://www.securitytracker.com/id?1018188 vdb-entryx_refsource_SECTRACK
    http://seer.entsupport.symantec.com/docs/288627.htm x_refsource_CONFIRM
    http://osvdb.org/36104 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/24194 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2007/2035 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2007-06-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:33:28.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/avcenter/security/Content/2007.06.01.html"
              },
              {
                "name": "25537",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25537"
              },
              {
                "name": "20070605 TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/470562/100/0/threaded"
              },
              {
                "name": "1018188",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018188"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://seer.entsupport.symantec.com/docs/288627.htm"
              },
              {
                "name": "36104",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/36104"
              },
              {
                "name": "24194",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24194"
              },
              {
                "name": "ADV-2007-2035",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2035"
              },
              {
                "name": "symantec-scheduler-security-bypass(34680)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34680"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-06-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\\VxSvc\\CurrentVersion\\Schedules specifying future command execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/avcenter/security/Content/2007.06.01.html"
            },
            {
              "name": "25537",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25537"
            },
            {
              "name": "20070605 TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/470562/100/0/threaded"
            },
            {
              "name": "1018188",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018188"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://seer.entsupport.symantec.com/docs/288627.htm"
            },
            {
              "name": "36104",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/36104"
            },
            {
              "name": "24194",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24194"
            },
            {
              "name": "ADV-2007-2035",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2035"
            },
            {
              "name": "symantec-scheduler-security-bypass(34680)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34680"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-2279",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\\VxSvc\\CurrentVersion\\Schedules specifying future command execution."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.symantec.com/avcenter/security/Content/2007.06.01.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/avcenter/security/Content/2007.06.01.html"
                },
                {
                  "name": "25537",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25537"
                },
                {
                  "name": "20070605 TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/470562/100/0/threaded"
                },
                {
                  "name": "1018188",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018188"
                },
                {
                  "name": "http://seer.entsupport.symantec.com/docs/288627.htm",
                  "refsource": "CONFIRM",
                  "url": "http://seer.entsupport.symantec.com/docs/288627.htm"
                },
                {
                  "name": "36104",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/36104"
                },
                {
                  "name": "24194",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24194"
                },
                {
                  "name": "ADV-2007-2035",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2035"
                },
                {
                  "name": "symantec-scheduler-security-bypass(34680)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34680"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-2279",
        "datePublished": "2007-06-04T16:00:00.000Z",
        "dateReserved": "2007-04-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:33:28.339Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }