Multiple Integer Overflows in Veritas Storage Solutions by Symantec
CVE-2011-0547

Currently unrated

Key Information:

Vendor: Symantec
Status: Veritas Storage Foundation; Veritas Dynamic Multi-pathing; Veritas Storage Foundation Cluster File System For Oracle Rac
Vendor: CVE Published:; 19 August 2011

Summary

Multiple integer overflow vulnerabilities exist in the vxsvc.exe component of Symantec's Veritas Enterprise Administrator service. These vulnerabilities affect various versions of Veritas Storage Foundation, including its Cluster File Systems and NetBackup PureDisk. Remote attackers can exploit these weaknesses through crafted Unicode and ASCII strings or specially formed values, particularly affecting the vxveautil.value_binary_unpack and vxveautil.kv_binary_unpack functions. Successful exploitation could allow attackers to execute arbitrary code, leading to potential data compromise and unauthorized access.

References

http://zerodayinitiative.com/advisories/ZDI-11-264/

x_refsource_MISC

http://marc.info/?l=bugtraq&m=131955939603667&w=2

vendor-advisoryx_refsource_HP

http://marc.info/?l=bugtraq&m=131955939603667&w=2

vendor-advisoryx_refsource_HP

EPSS Score

32% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 19, 2011
Vulnerability Reserved
Jan 20, 2011