Symantec Veritas Enterprise Administrator Service (vxsvc) Multiple Integer Overflows

This script is Copyright (C) 2011-2017 Tenable Network Security, Inc.

Synopsis :

The remote host is running an administrator service that is affected by
multiple integer overflow vulnerabilities.

Description :

Symantec Veritas Enterprise Administrator Service (vxsvc), a component
of Veritas Storage Foundation and other products, is running on the
remote host.

Based on the response from the service, the running version of Symantec
Veritas Enterprise Administrator service is affected by multiple integer
overflow vulnerabilities, leading to buffer overflows in the following
functions :

- vxveautil.value_binary_unpack(), for ASCII string

- vxveautil.value_binary_unpack(), for UNICODE string

- vxveautil.kv_binary_unpack()

By exploiting these flaws, a remote, unauthenticated attacker could
execute arbitrary code on the remote host subject to the privileges of
the user running the affected application.

Solution :

Apply the relevant patch from the Symantec advisory.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : false

Family: Gain a shell remotely

Nessus Plugin ID: 56239

Bugtraq ID: 49014

CVE ID: CVE-2011-0547
