|
|
|
Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=665
|
|
Vulnerable Systems:
* Veritas Storage Foundation for Windows version 5.0 (with VxSchedService.exe version 5.0.9.298)
When the Veritas Scheduler service (VxSchedService.exe) encounters certain packets, an invalid memory access occurs causing the service to crash.
Analysis:
Exploitation of this vulnerability allows remote attackers to cause the affected service to terminate. In order to exploit this vulnerability, an attacker must be able to establish a TCP session with the service on port 4888. No authentication is required to reach the vulnerable code.
Vendor response:
Symantec has addressed this vulnerability by releasing an update for Veritas Storage Foundation. More information is available in Symantec's advisory at the following URL:
http://www.symantec.com/avcenter/security/Content/2008.02.20.html
CVE Information:
CVE-2007-4516
Disclosure Timeline:
08/15/2007 - Initial vendor notification
08/15/2007 - Initial vendor response
02/20/2008 - Coordinated public disclosure
|
|
|
|