APP: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass
This signature detects attempts to exploit a known vulnerability against Veritas backup packages. Attackers using an out-of-range TimeStamp CONFIG message can create a denial-of-service condition on the affected system.
Extended Description
Symantec Storage Foundation for Windows is prone to a vulnerability that lets attackers circumvent security updates. The issue resides in the Volume Manager Scheduler Service. Successful exploits of this issue allow attackers to circumvent a previous security update that resolved authentication-bypass and remote code-execution vulnerabilities. This may facilitate the complete compromise of affected computers. Storage Foundation 5.0, 5.0 RP1, and 5.1 are vulnerable.
Affected Products
Symantec storage_foundation_for_windows
Short Name
APP:VERITAS:VERITAS-NULL-PTR
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Authentication Bypass CVE-2005-2389 CVE-2008-3703 Foundation NULL Scheduler Service Session Storage Symantec Veritas bid:30596
Release Date
12/05/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3727
Port
TCP/10000,4888
False Positive
Unknown
Vendors
Symantec
CVSS Score
10.0
5.0