In association with heise online

21 February 2008, 10:32

Symantec patches holes in Veritas Storage Foundation

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Symantec has published updates to its Veritas Storage Foundation storage service to close two security holes. Malformed packets arriving at TCP port 4888 cause a memory error in the Veritas Scheduler service (VxSchedService.exe), crashing the service. Prior authentication is not required. The bug is only likely to be exploitable on the local network. Veritas Storage Foundation for Windows 5.0 for Windows 2000 and Windows Server 2003 are affected.

The Administrator service monitoring port 3207 (vxsvc.exe) also has a hole through which code can be fed into a system and executed with system rights or root rights. The cause is a heap overflow triggered by manipulated packets. Veritas Storage Foundation for Windows 5.0 for Windows 2000 and Windows Server 2003 are affected, as well as Veritas Storage Foundation for Unix 5.0 for Solaris, HP-UX, Linux and AIX.

See also:

(mba)

Print Version | Send by email | Permalink: http://h-online.com/-734295
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit