Authentication Bypass in Symantec Storage Foundation Scheduler Service
CVE-2007-2279

Currently unrated

Key Information:

Vendor: Symantec
Status: Veritas Storage Foundation
Vendor: CVE Published:; 4 June 2007

Summary

The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 contains a vulnerability that enables remote attackers to bypass authentication mechanisms. By sending crafted requests to the service socket, attackers can manipulate registry values under Veritas\VxSvc\CurrentVersion\Schedules, allowing for the execution of arbitrary commands at a future time through PreScript or PostScript configurations. This flaw can potentially lead to significant security risks if exploited.

References

http://www.symantec.com/avcenter/security/Content/2007.06...

x_refsource_CONFIRM

http://secunia.com/advisories/25537

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/archive/1/470562/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 4, 2007
Vulnerability Reserved
Apr 26, 2007