PT-2005-4352 · Veritas · Veritas Cluster Server

Kevin Finisterre · Published 2005-11-16 · Updated 2017-07-11 · CVE-2005-3566

CVSS v2.0: 4.3 (Medium)
Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
VERITAS Cluster Server for UNIX versions prior to 4.0MP2

Description
The issue is a buffer overflow in various ha commands that allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable. This affects multiple commands, including haagent, haalert, haattr, hacli, hacli_runcmd, haclus, haconf, hadebug, hagrp, hahb, halog, hareg, hares, hastatus, hasys, hatype, hauser, and tststew.

Recommendations
For versions prior to 4.0MP2, update to version 4.0MP2 or later to resolve the issue. As a temporary workaround, consider restricting the length of the VCSI18N_LANG environment variable to prevent exploitation.
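
One way to apply the temporary workaround in administrative scripts, shown as an added example (not Veritas code and not part of the original advisory). The names run_ha, vcs_lang_ok and MAX_LANG_LEN, the 32-character limit and the allowed character set are assumptions, since the advisory does not state a safe length.

```shell
#!/bin/sh
# Added example: validate VCSI18N_LANG before running an ha command.
# MAX_LANG_LEN and the allowed characters are assumptions chosen to fit
# ordinary locale names such as en_US.UTF-8; the advisory gives no limit.
MAX_LANG_LEN=32

# Return 0 if the value looks like a short locale name, 1 otherwise.
vcs_lang_ok() {
    val=$1
    case $val in
        # Reject empty values and anything outside the locale-name alphabet.
        ''|*[!A-Za-z0-9_.@-]*) return 1 ;;
    esac
    # Only ASCII is left at this point, so characters equal bytes.
    [ "${#val}" -le "$MAX_LANG_LEN" ] || return 1
    return 0
}

# Run the given command (for example: run_ha hastatus) with VCSI18N_LANG
# removed from its environment when the value fails validation.
# Only invocations made through this wrapper are covered; a command started
# directly still receives whatever environment its caller supplies.
run_ha() {
    if [ "${VCSI18N_LANG+set}" = set ] && ! vcs_lang_ok "$VCSI18N_LANG"; then
        echo "run_ha: dropping invalid VCSI18N_LANG (${#VCSI18N_LANG} chars)" >&2
        # Unset in a subshell so the caller's own environment is untouched.
        ( unset VCSI18N_LANG; "$@" )
    else
        "$@"
    fi
}
```

The stderr message from run_ha can be forwarded to syslog to record attempts to pass an oversized value. Upgrading to 4.0MP2 or later remains the fix.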


Related identifiers

CVE-2005-3566

Affected products

Veritas Cluster Server