06 June 2007, 08:31

Hole in Symantec's Storage Foundation allows malicious code execution

Security service provider TippingPoint has discovered a vulnerability in Symantec's (Veritas) Storage Foundation that can allow attackers to manipulate the system and execute arbitrary code. The problem is a lack of authentication for the Windows Scheduler Service (VxSchedService.exe). As a result, everyone can connect to the service on Port 4888 via the local network. Furthermore, TippingPoint says it is also possible to change, rewrite, and add arbitrary commands to the registry key HKEY_LOCAL_MACHINE\Software\Veritas\VxSvc\CurrentVersion\Schedules which can be executed when a manipulated schedule entry becomes due. Only Symantec's Storage Foundation for Windows 5.0 is affected. An update has been provided to remedy the flaw.

Channels

Services

Hole in Symantec's Storage Foundation allows malicious code execution

Also on The H:

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit