Symantec Veritas Enterprise Administrator Service (vxsvc) Multiple Integer Overflows

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The remote host is running an administrator service that is affected by
multiple integer overflow vulnerabilities.

Description :

Symantec Veritas Enterprise Administrator Service (vxsvc), a component
of Veritas Storage Foundation and other products, is running on the
remote host.

Based on the response from the service, the running version of Symantec
Veritas Enterprise Administrator service is affected by multiple integer
overflow vulnerabilities, leading to buffer overflows in the following
functions :

- vxveautil.value_binary_unpack(), for ASCII string handling

- vxveautil.value_binary_unpack(), for UNICODE string handling

- vxveautil.kv_binary_unpack()

By exploiting these flaws, a remote, unauthenticated attacker could
execute arbitrary code on the remote host subject to the privileges of
the user running the affected application.
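The three functions named above unpack length-prefixed binary values, and the flaw class is the same in each: an attacker-supplied element count is turned into an allocation size with arithmetic that can wrap, so the buffer ends up smaller than the data later copied into it. The C code below is an added illustration of that class and is not vxsvc or Symantec code; the record layout (a 4-byte little-endian count followed by count elements of 1 byte for ASCII or 2 bytes for UTF-16) is a hypothetical format chosen for the example. It shows the wrapping size computation next to a hardened unpack routine that bounds-checks the count before multiplying, rejects truncated input, and only then allocates and copies.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Status codes for the hardened unpacker (hypothetical, for this example). */
typedef enum {
    UNPACK_OK = 0,
    UNPACK_ERR_SHORT = 1,     /* record claims more data than the buffer holds */
    UNPACK_ERR_OVERFLOW = 2,  /* count * elem_size (+ terminator) would wrap */
    UNPACK_ERR_NOMEM = 3
} unpack_status;

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern: the size passed to the allocator is computed from the
 * attacker-controlled count in 32-bit arithmetic with no overflow check.
 * Unsigned wraparound is well defined in C, so this silently returns a tiny
 * size for a huge count. Returned rather than used so the test can show it. */
uint32_t unsafe_alloc_size(uint32_t count, uint32_t elem_size) {
    return count * elem_size + elem_size;   /* element bytes plus terminator */
}

/* Hardened unpack of one length-prefixed string record.
 * buf/buflen: the remaining input; elem_size: 1 (ASCII) or 2 (UTF-16).
 * On success *out is a malloc'd, terminated copy and *out_len its payload length. */
unpack_status safe_unpack_string(const uint8_t *buf, size_t buflen, size_t elem_size,
                                 uint8_t **out, size_t *out_len) {
    *out = NULL;
    *out_len = 0;
    if (elem_size == 0) return UNPACK_ERR_OVERFLOW;
    if (buflen < 4) return UNPACK_ERR_SHORT;

    uint32_t count = read_le32(buf);

    /* Check the multiplication and the added terminator BEFORE doing them:
     * count * elem_size + elem_size <= SIZE_MAX  <=>  count <= (SIZE_MAX - elem_size) / elem_size */
    if ((size_t)count > (SIZE_MAX - elem_size) / elem_size) return UNPACK_ERR_OVERFLOW;

    size_t payload = (size_t)count * elem_size;
    /* The declared payload must actually be present in the input. */
    if (payload > buflen - 4) return UNPACK_ERR_SHORT;

    size_t alloc = payload + elem_size;     /* cannot wrap: bounded above */
    uint8_t *s = malloc(alloc);
    if (s == NULL) return UNPACK_ERR_NOMEM;
    memcpy(s, buf + 4, payload);
    memset(s + payload, 0, elem_size);      /* NUL terminator, 1 or 2 bytes wide */
    *out = s;
    *out_len = payload;
    return UNPACK_OK;
}

int main(void) {
    /* Constructed records: a valid 3-byte ASCII value and a hostile count. */
    const uint8_t good[] = { 3, 0, 0, 0, 'a', 'b', 'c' };
    const uint8_t hostile[] = { 0xff, 0xff, 0xff, 0xff, 'x', 'y' };
    uint8_t *s; size_t n;

    printf("unsafe size for count=0xffffffff, elem=2: %u\n", unsafe_alloc_size(0xffffffffu, 2));
    if (safe_unpack_string(good, sizeof good, 1, &s, &n) == UNPACK_OK) {
        printf("unpacked %zu bytes: %s\n", n, s);
        free(s);
    }
    printf("hostile record status: %d\n", safe_unpack_string(hostile, sizeof hostile, 1, &s, &n));
    return 0;
}
```

The two checks in safe_unpack_string are deliberately separate: the overflow test protects the allocation size, and the remaining-input test protects the copy, so a record that passes one but not the other is still rejected.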

See also :

http://www.nessus.org/u?5ab713d2
http://www.zerodayinitiative.com/advisories/ZDI-11-262/
http://www.zerodayinitiative.com/advisories/ZDI-11-263/
http://www.zerodayinitiative.com/advisories/ZDI-11-264/

Solution :

Apply the relevant patch from the Symantec advisory.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Gain a shell remotely

Nessus Plugin ID: 56239

Bugtraq ID: 49014

CVE ID: CVE-2011-0547