Vulnerability Database
296,349
Total vulnerabilities in the database
CVE-2008-3703
The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.
| Software | From | Fixed in |
|---|---|---|
| symantec / veritas_storage_foundation | 5.1 | 5.1.x |
| symantec / veritas_storage_foundation | 5.0-rp1a | 5.0-rp1a.x |
| symantec / veritas_storage_foundation | 5.0 | 5.0.x |
- http://secunia.com/advisories/31486
- http://securityreason.com/securityalert/4161
- http://securitytracker.com/id?1020699
- http://seer.entsupport.symantec.com/docs/306386.htm
- http://www.securityfocus.com/archive/1/495481
- http://www.securityfocus.com/archive/1/495487/100/0/threaded
- http://www.securityfocus.com/bid/30596
- http://www.symantec.com/avcenter/security/Content/2008.08.14a.html
- http://www.vupen.com/english/advisories/2008/2395
- http://www.zerodayinitiative.com/advisories/ZDI-08-053/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44466
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime