Veritas Storage Foundation Administrator service buffer overflow

Added: 03/03/2008
CVE: CVE-2008-0638
BID: 25778
OSVDB: 41978

Background

Veritas Storage Foundation is an online storage management solution. An Administrator service, implemented by vxsvc.exe, listens on port 3207 by default.

Problem

A buffer overflow vulnerability in the Administrator service allows remote attackers to execute arbitrary commands.

Resolution

Apply one of the patches referenced in Symantec document 297327.

References

http://www.symantec.com/avcenter/security/Content/2008.02.20a.html
http://www.zerodayinitiative.com/advisories/ZDI-08-007.html

Limitations

Exploit works on Symantec Veritas Storage Foundation for Windows 5.0.

Platforms

Windows 2000
Windows Server 2003
