Computer Security
[EN] no-pyccku

Symantec VERITAS Storage Foundation multiple security vulnerabilities
updated since 03.06.2007
SecurityVulns ID:7770
Threat Level:
Description:DoS via resource consumption against TCP/8199 administrative service. VxSchedService.exe (TCP/4888) scheduler service authentication bypass and code execution.
Affected:SYMANTEC : VERITAS Storage Foundation 4.3
CVE:CVE-2007-2279 (The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.)
 CVE-2007-1593 (The administrative service in Symantec Veritas Volume Replicator (VVR) for Windows 3.1 through 4.3, and VVR for Unix 3.5 through 5.0, in Symantec Storage Foundation products allows remote attackers to cause a denial of service (memory consumption and service crash) via a crafted packet to the service port (8199/tcp) that triggers a request for more memory than available, which causes the service to write to an invalid pointer.)
Original documentdocument3COM, TPTI-07-08: Symantec Veritas Storage Foundation Scheduler Service Authentication Bypass Vulnerability (05.06.2007)
 documentSYMANTEC, SYM07-009,Symantec Storage Foundation for Windows Volume Manager: Authentication Bypass and Potential Code Execution in Scheduler Service (05.06.2007)
 documentIDEFENSE, iDefense Security Advisory 06.01.07: Symantec VERITAS Storage Foundation Administration Service DoS Vulnerability (03.06.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod