Title: Symantec Storage Foundation Veritas Enterprise Administrator Heap Buffer Overflow Vulnerability
Severity: CRITICAL
Description:
Symantec Storage Foundation is an online storage manager. Symantec Veritas Enterprise Administrator (VEA) is the management GUI component of Symantec Storage Foundation.
Symantec Storage Foundation is prone to a remote heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. This issue occurs in the Symantec Veritas Enterprise Administrator (VEA) component ('vxsvc.exe'), which listens on UDP port 3207 by default. The specific flaw occurs when the service fails to properly validate incoming data passed to the administrative component.
Attackers can exploit this issue by sending a specially crafted UDP datagram to the affected computer.
Successfully exploiting this issue will allow attackers to execute arbitrary code in the context of the SYSTEM user. A successful exploit will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.
Affected Products:
- Symantec Storage Foundation for Unix 5.0
- Symantec Storage Foundation for Windows (32-bit) 5.0
- Symantec Storage Foundation for Windows (64-bit) 5.0
References:
- Symantec: Symantec Security Advisory SYM08-005
- Symantec: Symantec Veritas Storage Foundation Homepage
- Zero Day Initiative: Symantec VERITAS Storage Foundation Administrator Service Heap Overflow
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
