Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3703

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-3703
Last Modified 07 Mar 2011 10:11:12
Published 18 Aug 2008 01:41:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3703

Summary

The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.

Vulnerable Systems

Application

  • Symantec Veritas Storage Foundation 5.0

  • Symantec Veritas Storage Foundation 5.1


References

CONFIRM - http://seer.entsupport.symantec.com/docs/306386.htm

XF - vsf-vxschedservice-code-execution(44466)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-053/

VUPEN - ADV-2008-2395

CONFIRM - http://www.symantec.com/avcenter/security/Content/2008.08.14a.html

BID - 30596

BUGTRAQ - 20080814 ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability

BUGTRAQ - 20080814 SYM08-015_SFW_SecurityUpdateBypass

SECTRACK - 1020699

SREASON - 4161

SECUNIA - 31486


Last Updated: 27 May 2016 10:48:16