[SA29050] Symantec Veritas Storage Foundation Administrator Service Buffer Overflow

SecuToolBox : Bluetooth Stack Smasher v0.6 / Bluetooth Stack Smasher v0.8 / Slides Bluetooth Eurosec 2006 / Exposé vidéo Windows Shellcode - Kostya Kortchinsky / Exposé audio Reverse Engineering - Nicolas Brulez / Exposé vidéo Securitech - Pierre Betouin / WEP + Aircrack + Ubiquiti (MadWifi) 300 mW + Yagi / Secure WIFI WPA + EAP-TLS + Freeradius / Audit Windows / Captive Password Windows / USBDumper / USBDumper 2 / Hacking Hardware / WishMaster backdoor / DNS Auditing Tool / Ettercap SSL MITM / Exploit vulnérabilités Windows / Memory Dumper Kernel Hardening / Reverse Engineering / Scapy / SecUbuLIVE CD / Metasploit / eEye Blink Sec Center / eEye Retina Scanner

[Message Precedent sur la mailing][Message Suivant sur la mailing][Precedent dans le fil][Prochain dans le fil][Index par Date][Index par fil] [SA29050] Symantec Veritas Storage Foundation Administrator Service Buffer Overflow

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.

Download and test it today: link://[click] Read more about this new version: link://[click]

TITLE: Symantec Veritas Storage Foundation Administrator Service Buffer Overflow

SECUNIA ADVISORY ID: SA29050

VERIFY ADVISORY: link://[click]

CRITICAL: Moderately critical

IMPACT: DoS, System access

WHERE: From local network SOFTWARE: Symantec Veritas Storage Foundation 5.x link://[click]

DESCRIPTION: A vulnerability has been reported in Symantec Veritas Storage Foundation, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

The vulnerability is caused due to an input validation error in the Administrator Service and can be exploited to cause a heap-based buffer overflow via a specially crafted packet sent to default port 3207/UDP.

Successful exploitation may allow execution of arbitrary code.

The vulnerability affects version 5.0 on Windows and UNIX/Linux.

SOLUTION: Apply patches.

Version 5.0 on 32-bit Windows 2000/2003: link://[click] Version 5.0 on 64-bit Windows 2000/2003: link://[click] Version 5.0 on Solaris/HP-UX/Linux/AIX: link://[click] PROVIDED AND/OR DISCOVERED BY: Discovered by Sebastian Apelt and reported via ZDI.

ORIGINAL ADVISORY: SYM08-005: link://[click] ZDI-08-007: link://[click]

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: link://[click]

Definitions: (Criticality, Where etc.) link://[click]

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link.

Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Precedent par Date: [SA29008] Joomla astatsPRO Component "id" SQL Injection Vulnerability
Suivant par Date: [SA28987] Fedora update for moin
Precedent par fil : [SA29008] Joomla astatsPRO Component "id" SQL Injection Vulnerability
Suivant par fil : [SA28987] Fedora update for moin
Index(s):
- Date
- Fil

Archives de la liste de diffusion Secunia
Archives de la liste de diffusion BugTraq
Archives de la liste de diffusion DailyDave
Archives de la liste de diffusion FunSec
Archives de la liste de diffusion Full Disclosure
Archives de la liste de diffusion Focus-IDS (FD)
Archives de la liste de diffusion Webappsec (FD)
Archives de la liste de diffusion Security-basics (FD)
Archives de la liste de diffusion Vulndiscuss
Archives de la liste de diffusion Vulnwatch

Les derniers commentaires sur SecuObs :

- More Oracle Pwnage...I Lost Count...New Version Module http://www.secuobs.com/r - Update on the update http://www.secuobs.com/revue/news/49561.shtml - YARA: a malware identification and classification tool http://www.secuobs.com/re - Update from Alexander Sotirov http://www.secuobs.com/revue/news/49201.shtml - VOIP Scanning on the increase http://www.secuobs.com/revue/news/49189.shtml - Creator of ZiPhone iPhone unlock hack calls it quits http://www.secuobs.com/revu - IPv6 Tunnel on Windows XP Using Freenet6 http://www.secuobs.com/revue/news/48645 - RFIDIOt-0.1v.tgz http://www.secuobs.com/revue/news/48665.shtml - VOIPPACK now available! http://www.secuobs.com/revue/news/48725.shtml - Nine Years of Code Cruft: Microsoft?s Hidden Internet Explorer Failures http://w + de commentaires publiés sur SecuObs

Mini-Tagwall des articles publiés sur SecuObs :

sécurité, windows, exploit, microsoft, réseau, attaque, vulnérabilité, système, audit, virus, internet, outil, fonction, présentation, données, linux, bluetooth, vista, shell, gestion, metasploit, wishmaster, trames, protocol, sysun, fonctions, paquets, téléphone, engineering + de mots clés avec l'annuaire des articles publiés sur SecuObs

Archives Failles Secunia :

- SA33400 Fedora update for am-utils - SA33419 Fedora update for xterm - SA32648 TSC2 Help Desk CTab ActiveX Control Caption List Buffer Overflow - SA32609 ComponentOne SizerOne CTab ActiveX Control Caption List Buffer Overflow - SA33342 vBulletin Personal Sticky Threads Add-on Security Bypass Vulnerability + d'archives failles avec Secunia et SecuMail

Archives Mailing Full Disclosure :

- Full-disclosure Do you use nepenthes? - Full-disclosure The war in Palestine && Pointless noise. - Full-disclosure MDVSA-2009:001 openssl - Re: Full-disclosure Full-Disclosure wouldn't let me post this message - Re: Full-disclosure The war in Palestine + d'archives Full Disclosure avec SecuMail

Archives Mailing Bugtraq :

- AST-2009-001: Information leak in IAX2 authentication - LayerOne 2009 Call for Papers - USN-705-1 NTP vulnerability - Re: IBM Datapower XS40 Denial of Service - CORE-2008-1128: Openfire multiple vulnerabilities + d'archives Bugtraq avec SecuMail

Mini-Tagwall de l'annuaire video :

virus, spyware, vmware, firmware, biometric, lockpicking, wimax, password, spammer, malware, kernel, windows, iphone, symantec, phish, adware, knoppix, security, botnet, linux, tutorial, cryptography, internet, attack, wireshark, server, virtual, metasploit, intel, openbsd, protect, jailbreak, hitbsecconf2006, rootkit, norton, ubuntu, exploit, samsung, ettercap, hijackthis, interview, screen, vista, fingerprint, flash + de mots clés avec l'annuaire des videos

Mini-Tagwall des articles de la revue de presse :

security, microsoft, windows, vulnérabilité, network, google, vulnerability, hacker, attack, inject, remote, mobile, server, exploit, apple, internet, iphone, black, yahoo, sécurité, malware, vista, intel, patch, crypt, drive, access, protect, virtual, laptop, linux, source, biometric, research, ebook, business, virus, office, phish, adobe, chine, facebook, opera, flash, wireless + de mots clés avec l'annuaire de la revue de presse