|
|
|||
| Rule General Information |
|---|
| Release Date: | 2020-07-28 | |
| Rule Name: | Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability (CVE-2008-3703) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows | |
| Reference: | SecurityFocusBID:30596 http://securityreason.com/securityalert/4161 SecurityTrackerID:1020699 http://seer.entsupport.symantec.com/docs/306386.htm |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: http://www.symantec.com/avcenter/security/Content/2008.08.14a.html |