Symantec Veritas Enterprise Administrator Service (vxsvc) Multiple Integer Overflows
Critical Nessus Plugin ID 56239
Synopsis
The remote host is running an administrator service that is affected by multiple integer overflow vulnerabilities.
Description
Symantec Veritas Enterprise Administrator Service (vxsvc), a component of Veritas Storage Foundation and other products, is running on the remote host.
Based on the response from the service, the running version of Symantec Veritas Enterprise Administrator Service is affected by multiple integer overflow vulnerabilities, leading to buffer overflows in the following functions:
- vxveautil.value_binary_unpack(), for ASCII string handling
- vxveautil.value_binary_unpack(), for UNICODE string handling
By exploiting these flaws, a remote, unauthenticated attacker could execute arbitrary code on the remote host subject to the privileges of the user running the affected application.
Solution
Apply the relevant patch from the Symantec advisory.