New User, Welcome!     Login

Veritas Storage Foundation

iDefense Security Advisory 02.20.08: Symantec Veritas Storage Foundation Scheduler Service DoS Vulnerability

http://labs.idefense.com/intelligence/vulnerabilities/
Feb 20, 2008

I. BACKGROUND

The Veritas Storage Foundation is based on the Veritas File System and
Veritas Volume Manager products. It allows virtualization of storage
over a variety of platforms. It contains a remote administration
application to configure and monitor the elements of the storage
network. More information can be found at the following URL.

SECOBJADV-2008-04: Symantec Veritas Storage Foundation Memory Disclosure Vulnerability

======================================================================
=         Security Objectives Advisory (SECOBJADV-2008-04)           =
======================================================================

Veritas Storage Foundation Memory Disclosure Vulnerability

http://www.security-objectives.com/advisories/SECOBJSADV-2008-04.txt

AFFECTED: Veritas Storage Foundation 5.0

SECOBJADV-2008-05: Symantec Veritas Storage Foundation Arbitrary File Read Vulnerability

======================================================================
=         Security Objectives Advisory (SECOBJADV-2008-05)           =
======================================================================

Veritas Storage Foundation Arbitrary File Read Vulnerability

http://www.security-objectives.com/advisories/SECOBJSADV-2008-05.txt

AFFECTED: Veritas Storage Foundation 5.0

ZDI-08-007: Symantec VERITAS Storage Foundation Administrator Service Heap Overflow Vulnerability

ZDI-08-007: Symantec VERITAS Storage Foundation Administrator Service Heap 
Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-007.html
February 20, 2008

-- CVE ID:
CVE-2008-0638

-- Affected Vendor:
Symantec

ZDI-11-263: Symantec Veritas Storage Foundation vxsvc.exe ASCII String Unpacking Remote Code Execution Vulnerability

ZDI-11-263: Symantec Veritas Storage Foundation vxsvc.exe ASCII String Unpacking Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-263

August 16, 2011

-- CVE ID:
CVE-2011-0547

-- CVSS:

ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability

ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL 
Session Authentication Bypass Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-053
August 14, 2008

-- Affected Vendors:
Symantec

-- Affected Products:
Symantec Veritas Storage Foundation

ZDI-11-262: Symantec Veritas Storage Foundation vxsvc.exe Unicode String Parsing Remote Code Execution Vulnerability

ZDI-11-262: Symantec Veritas Storage Foundation vxsvc.exe Unicode String Parsing Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-262

August 16, 2011

-- CVE ID:
CVE-2011-0547

-- CVSS:

ZDI-11-264: Symantec Veritas Storage Foundation vxsvc.exe Value Unpacking Integer Overflow Remote Code Execution Vulnerability

ZDI-11-264: Symantec Veritas Storage Foundation vxsvc.exe Value Unpacking Integer Overflow Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-264

August 16, 2011

-- CVE ID:
CVE-2011-0547

-- CVSS:

ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability

Symantec Symantec Backup Exec Continuous Protection Server
Symantec Veritas CommandCentral Storage
Symantec Veritas Cluster Server
Symantec Veritas Traffic Director
Symantec Veritas NetBackup
Symantec Veritas Storage Foundation

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8265. 
For further product information on the TippingPoint IPS, visit:


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!