Symantec Veritas Storage Foundation vxsvc.exe ASCII String Execution Vulnerability

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Home
Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

Confidence 2013

5% Off any SANS course
Use Code: SecuriTeam_5

Hack In Paris

La Nuit du Hack

Subjects of Interest:
Vulnerability Management
SQL Injection
Buffer Overflows
Active Network Scanning
Fuzzing
Fuzzer Report
Network Security
Network Scanner
Pen Testing
Security Scanner

The vxsvc.exe ASCII string unpacking code execution vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation Administrator Service.

Credit:
The information has been provided by Luigi Auriemma.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-11-263/

Free Website Security Scan	Free Fuzzer Report	Vulnerability Assessment
Detect web app vulnerabilities	University study comparing the top	Accurate and automated scanning
Get guidance from professionals.	6 commercially availble fuzzers.	for networks of any size.

Protect your website!
Free Trial, Nothing to install.
No interruption of visitors.
www.beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Symantec Veritas Storage Foundation

Authentication is not required to exploit this vulnerability.

The specific flaw exists within vxsvc.exe. The problem affecting the part of the server running on TCP port 2148 is an integer overflow in the function vxveautil.value_binary_unpack during the handling of the ascii strings (opcode 6) where the 32-bit field supplied by the attacker is used for allocating a destination buffer by adding an additional byte to its value. This integer overflow can be used to create a small allocation which will be subsequently overflowed, allowing the attacker to execute arbitrary code under the context of the SYSTEM.

Patch Availability:
Symantec has issued an update to correct this vulnerability. More details can be found at:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110815_00

CVE Information:
CVE-2011-0547

Disclosure Timeline:
2011-02-17 - Vulnerability reported to vendor
2011-08-16 - Coordinated public release of advisory

blog comments powered by Disqus

	Microsoft Windows USB Driver Memory Object Handling Local Privilege (2013-1287) Vulnerability
	Microsoft IE SaveHistory Onload Event Handling Use-After-Free Arbitrary Code Execution Vulnerability
	Microsoft IE CMarkupBehaviorContext Use-After-Free Arbitrary Code Execution Vulnerability
	Microsoft SharePoint XSS Vulnerability
	Microsoft IE OnBeforeCopy Use-After-Free Arbitrary Code Execution Vulnerability
	Microsoft Windows USB Driver Memory Object Handling Local Privilege Escalation Vulnerability
	Microsoft OneNote Buffer Size Validation ONE File Handling Information Disclosure Vulnerability
	Microsoft IE GetMarkupPtr execCommand Print Event Handling Use-after-free Execution Vulnerability
	Microsoft SharePoint Remote Overflow DoS Vulnerability
	Microsoft IE CTreeNode Use-After-Free Arbitrary Code Execution Vulnerability
	Microsoft Windows USB Driver Memory Object Handling Local Privilege (2013-1286) Vulnerability
	Microsoft IE CTreeNode Use-After-Free Use-After-Free Arbitrary Execution Vulnerability
	Microsoft IE Proxy Server TCP Session Re-Use Cross-User Information Disclosure Weakness Vulnerability
	Microsoft IE Shift JIS Character Encoding Information Disclosure Vulnerability
	Microsoft IE SetCapture Use-after-free Arbitrary Code Execution Vulnerability
	Microsoft IE Vector Markup Language (VML) Buffer Allocation Memory Corruption Vulnerability
	Microsoft Windows Kernel Memory Object Handling Local Privilege Escalation Vulnerability
	Microsoft System Center Operations Web Console XSS Vulnerability
	Microsoft Lync User-Agent Header Handling Remote Arbitrary Command Execution Vulnerability
	Microsoft System Center Operations Manager Web Console XSS Vulnerability

Featured Articles

	Microsoft Windows USB Driver Memory Object Handling Local Privilege (2013-1287) Vulnerability
	Microsoft Windows USB Driver Memory Object Handling Local Privilege Escalation Vulnerability
	Microsoft Windows Kernel Memory Object Handling Local Privilege Escalation Vulnerability
	Microsoft Windows SSL/TSL Forced Downgrade MitM Weakness
	Microsoft Windows Memory Object Handling Local Memory Privilege Escalation Vulnerability
	Microsoft Windows Privilege Escalation Vulnerability
	Microsoft .NET Framework Serialization Remote Code Execution Vulnerability
	Microsoft Visio Viewer VSD File Format Remote Code Execution Vulnerability
	Microsoft .NET Framework Input Serialization CVE-2012-0160 Remote Code Execution Vulnerability
	Microsoft .NET Framework ASP.NET Forms Authentication Bypass Vulnerability
	'TrendMicro Control Manager CASProcessor.exe BLOB Code Execution Vulnerability'
	'HP iNode Management Center iNodeMngChecker.exe Code Execution Vulnerability'
	'HP Data Protector Backup Client Service EXEC_SCRIPT Code Execution Vulnerability'
	'Microsoft Internet Explorer Property Change Memory Corruption Vulnerability'
	'Microsoft Office PowerPoint PersistDirectoryEntry Code Execution Vulnerability'
	'CA Total Defense Suite Heartbeat Web Service Code Execution Vulnerability'
	'HP Web Jetadmin Unauthorized Access to Managed Resources Vulnerability'
	'Novell Zenworks Handheld Management ZfHIPCnd.exe Opcode 2 Code Execution Vulnerability'
	'Microsoft Windows Shell Graphics biCompression Buffer Overflow Vulnerability'
	'Microsoft Office PICT Filter Integer Truncation Vulnerability'

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs