Vulnerability Details: CVE-2011-0547
Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2011-0547
- cpe:2.3:a:symantec:veritas_storage_foundation:*:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:veritas_storage_foundation:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system_for_oracle_rac:*:*:*:*:*:*:*:* (Symantec » Veritas Storage Foundation Cluster File System For Oracle Rac, versions up to and including 5.1)
- cpe:2.3:a:symantec:veritas_storage_foundation_cluster_file_system_for_oracle_rac:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:veritas_dynamic_multi-pathing:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:netbackup_puredisk:6.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:netbackup_puredisk:6.5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:netbackup_puredisk:6.5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:netbackup_puredisk:6.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:netbackup_puredisk:6.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:netbackup_puredisk:6.6.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:netbackup_puredisk:6.6.1.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0547
- EPSS score: 84.58% (probability of exploitation activity in the next 30 days)
- Percentile: ~99% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-0547
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2011-0547
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0547
- http://www.securityfocus.com/bid/49014
  Symantec Veritas Enterprise Administrator Service Multiple Buffer Overflow Vulnerabilities
- http://www.symantec.com/business/support/index?page=content&id=TECH165536
  Patch; Vendor Advisory
- http://zerodayinitiative.com/advisories/ZDI-11-264/
  ZDI-11-264 | Zero Day Initiative
- http://zerodayinitiative.com/advisories/ZDI-11-262/
  ZDI-11-262 | Zero Day Initiative
- http://zerodayinitiative.com/advisories/ZDI-11-263/
  ZDI-11-263 | Zero Day Initiative
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14792
  Repository / Oval Repository
- http://marc.info/?l=bugtraq&m=131955939603667&w=2
  '[security bulletin] HPSBUX02700 SSRT100506 rev.2 - HP-UX running VEA, Remote Denial of Service (DoS)' - MARC
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110815_00
  Symantec Veritas Enterprise Administrator service (vxsvc) buffer overflows