Name:
Symantec.VERITAS.Administrator.Service.Heap.Overfl
Released Date:
Feb 26 2008
Severity:
high
CVE:
2008-0638
Bugtraq:
25778

FortiGuard Center > Vulnerability Encyclopedia


In-Depth Analysis

Description
This indicates an attempt to exploit a heap overflow vulnerability in Symantec VERITAS Storage Foundation.

The vulnerability is caused by a boundry error in vxvea3.dll that occurs when handling a malformed udp packet sent to udp port 3207(administrator service). It allows remote attackers to cause memory corruption or execute arbitrary code via a specially crafted udp packet.
 
Impact
System Compromise: remote attackers can gain control of vulnerable systems.
 
Affected Products
Veritas Storage Foundation 5.0
Aliases
Symantec.VERITAS.Administrator.Service.Heap.Overflow
References
http://www.securityfocus.com/bid/25778
http://www.frsirt.com/english/advisories/2008/0624
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0638
http://secunia.com/advisories/29050/
http://www.zerodayinitiative.com/advisories/ZDI-08-007.html
Recommended Actions
Refer to the vendor's web site for a suggested workaround.
http://www.symantec.com/avcenter/security/Content/2008.02.20a.html

 
 
SITE MAP  |  LEGAL NOTICES

      © 2003 FORTINET INC. ALL RIGHTS RESERVED