CVE-2008-3703 (Veritas Storage Foundation)

CVE-2008-3703 (Veritas Storage Foundation)
BugsAlert Home > CVE-2008-3703 (Veritas Storage Foundation)




The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279. Original Source: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3703 Learn more about CVE-2008-3703 (Veritas Storage Foundation)


Tags: cve-2008-3703 veritas storage foundation

Related Items
PHP_CON "webappcfg[APPPATH]" File Inclusion
HP TCP/IP Services for OpenVMS SSH Server Vulnerability
web-cp "filelocation" File Disclosure Vulnerability
VU#538011: LANDesk QIP service buffer overflow vulnerability
CVE-2008-2095 (com_flippingbook, flipping_book)
CVE-2008-4551 (strongswan)
Bugtraq: RE: Pidgin IM Client Password Disclosure Vulnerability.