Remote Code Execution Vulnerability in Symantec Veritas Storage Foundation Management Console
CVE-2008-3703

Currently unrated

Key Information:

Vendor

Symantec
Status
Veritas Storage Foundation
Vendor
CVE Published:
18 August 2008

What is CVE-2008-3703?

The Volume Manager Scheduler Service in Symantec Veritas Storage Foundation for Windows is vulnerable due to its acceptance of NULL NTLMSSP authentication. This flaw allows remote attackers to exploit the service by sending specially crafted requests that can manipulate registry values for 'snapshot schedules'. Consequently, attackers could execute arbitrary code. This vulnerability is a continuation of issues stemming from CVE-2007-2279, indicating that a previous fix was insufficient.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/31486
third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/495481
mailing-listx_refsource_BUGTRAQ
http://www.zerodayinitiative.com/advisories/ZDI-08-053/
x_refsource_MISC

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.