PT-2008-2262 · Symantec · Symantec Veritas Storage Foundation

Sebastian Apelt

Publicado

2008-02-21

Atualizado

2018-10-15

CVE-2008-0638

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Symantec Veritas Storage Foundation version 5.0

Description The issue is related to a heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service, also known as vxsvc.exe. This allows remote attackers to execute arbitrary code by sending a packet with a crafted value of a certain size field. The problem arises because the size field is not checked for consistency with the actual buffer size.

Recommendations For Symantec Veritas Storage Foundation version 5.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2008-0638

Produtos afetados

Symantec Veritas Storage Foundation

PT-2008-2262 · Symantec · Symantec Veritas Storage Foundation

CVE-2008-0638

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8