PT-2008-2262 · Symantec · Symantec Veritas Storage Foundation

Sebastian Apelt

Published

2008-02-21

Updated

2018-10-15

CVE-2008-0638

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Symantec Veritas Storage Foundation version 5.0

Description The issue is related to a heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service, also known as vxsvc.exe. This allows remote attackers to execute arbitrary code by sending a packet with a crafted value of a certain size field. The problem arises because the size field is not checked for consistency with the actual buffer size.

Recommendations For Symantec Veritas Storage Foundation version 5.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2008-0638

Affected Products

Symantec Veritas Storage Foundation

PT-2008-2262 · Symantec · Symantec Veritas Storage Foundation

CVE-2008-0638

Weakness Enumeration

Related Identifiers

Affected Products

References · 8