Heap-based Buffer Overflow in Symantec Veritas Storage Foundation
CVE-2008-0638

Currently unrated

Key Information:

Vendor: Symantec
Status: Veritas Storage Foundation
Vendor: CVE Published:; 21 February 2008

What is CVE-2008-0638?

A heap-based buffer overflow vulnerability exists in the Veritas Enterprise Administrator service (vxsvc.exe) of Symantec's Veritas Storage Foundation 5.0. This flaw allows remote attackers to exploit the service by sending specially crafted packets with a size field that is not properly validated against the buffer size. Successful exploitation can lead to arbitrary code execution on the affected system, posing significant risks to data integrity and system security. Users and administrators are strongly advised to apply the necessary patches to mitigate this vulnerability.

References

http://www.symantec.com/avcenter/security/Content/2008.02...

x_refsource_CONFIRM

http://securitytracker.com/id?1019459

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/29050

third-party-advisoryx_refsource_SECUNIA

EPSS Score

20% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 21, 2008
Vulnerability Reserved
Feb 6, 2008