Vulnerability Name:

CVE-2011-0547 (CCN-69182)

Assigned:2011-08-15
Published:2011-08-15
Updated:2017-09-19
Summary:Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow.
CVSS v3 Severity:9.6 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
8.3 High (CCN CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C)
6.2 Medium (CCN Temporal CVSS v2 Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Adjacent_Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-189
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2011-0547

Source: HP
Type: UNKNOWN
SSRT100506

Source: CCN
Type: SA45576
Symantec Products Veritas Enterprise Administrator Service Buffer Overflows

Source: CCN
Type: SA45788
HP-UX update for Veritas Enterprise Administrator

Source: CCN
Type: OSVDB ID: 74919
Symantec Multiple Products vxveautil.value_binary_unpack() Function Multiple String Parsing Overflow

Source: CCN
Type: OSVDB ID: 74920
Symantec Multiple Products vxveautil.kv_binary_unpack() Function Value Unpacking Overflow

Source: BID
Type: UNKNOWN
49014

Source: CCN
Type: BID-49014
Symantec Veritas Enterprise Administrator Service Multiple Buffer Overflow Vulnerabilities

Source: CCN
Type: SYM11-010
Security Advisories Relating to Symantec Products - Symantec Veritas Enterprise Administrator service (vxsvc) buffer overflows

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.symantec.com/business/support/index?page=content&id=TECH165536

Source: CONFIRM
Type: UNKNOWN
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110815_00

Source: MISC
Type: UNKNOWN
http://zerodayinitiative.com/advisories/ZDI-11-262/

Source: MISC
Type: UNKNOWN
http://zerodayinitiative.com/advisories/ZDI-11-263/

Source: MISC
Type: UNKNOWN
http://zerodayinitiative.com/advisories/ZDI-11-264/

Source: XF
Type: UNKNOWN
symantec-vxsvc-bo(69182)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:14792

Source: CCN
Type: ZDI-11-262
Symantec Veritas Storage Foundation vxsvc.exe Unicode String Parsing Remote Code Execution Vulnerability

Source: CCN
Type: ZDI-11-263
Symantec Veritas Storage Foundation vxsvc.exe ASCII String Unpacking Remote Code Execution Vulnerability

Source: CCN
Type: ZDI-11-264
Symantec Veritas Storage Foundation vxsvc.exe Value Unpacking Integer Overflow Remote Code Execution Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:symantec:veritas_dynamic_multi-pathing:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:veritas_storage_foundation:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:veritas_storage_foundation:*:*:*:*:*:*:*:* (Version <= 5.1)
  • OR cpe:/a:symantec:veritas_storage_foundation_cluster_file_system_for_oracle_rac:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:veritas_storage_foundation_cluster_file_system_for_oracle_rac:*:*:*:*:*:*:*:* (Version <= 5.1)

    • Configuration 2:
  • cpe:/a:symantec:netbackup_puredisk:6.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:netbackup_puredisk:6.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:netbackup_puredisk:6.5.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:netbackup_puredisk:6.5.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:netbackup_puredisk:6.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:netbackup_puredisk:6.6.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:netbackup_puredisk:6.6.1.2:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:symantec:veritas_storage_foundation:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:veritas_storage_foundation:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:veritas_storage_foundation_for_windows:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:veritas_storage_foundation_for_oracle:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:veritas_storage_foundation_for_db2:5.0::aix:*:*:*:*:*
  • OR cpe:/a:symantec:veritas_storage_foundation_for_windows:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:veritas_storage_foundation_cluster_file_system_for_oracle_rac:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:veritas_storage_foundation_cluster_file_system_for_oracle_rac:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:veritas_dynamic_multi-pathing:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:netbackup_puredisk:6.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:netbackup_puredisk:6.5.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:netbackup_puredisk:6.5.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:netbackup_puredisk:6.5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:netbackup_puredisk:6.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:netbackup_puredisk:6.6.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:netbackup_puredisk:6.6.1.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:14792
    V
    		HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code
    2015-04-20
    BACK
    symantec veritas dynamic multi-pathing 5.1
    symantec veritas storage foundation 5.0
    symantec veritas storage foundation *
    symantec veritas storage foundation cluster file system for oracle rac 5.0
    symantec veritas storage foundation cluster file system for oracle rac *
    symantec netbackup puredisk 6.5.0.1
    symantec netbackup puredisk 6.5.1
    symantec netbackup puredisk 6.5.1.1
    symantec netbackup puredisk 6.5.1.2
    symantec netbackup puredisk 6.6.1
    symantec netbackup puredisk 6.6.1.1
    symantec netbackup puredisk 6.6.1.2
    symantec veritas storage foundation 5.0
    symantec veritas storage foundation 5.1
    symantec veritas storage foundation for windows 5.0
    symantec veritas storage foundation for oracle 5.0
    symantec veritas storage foundation for db2 5.0
    symantec veritas storage foundation for windows 5.1
    symantec veritas storage foundation cluster file system for oracle rac 5.0
    symantec veritas storage foundation cluster file system for oracle rac 5.1
    symantec veritas dynamic multi-pathing 5.1
    symantec netbackup puredisk 6.5.1
    symantec netbackup puredisk 6.5.1.1
    symantec netbackup puredisk 6.5.1.2
    symantec netbackup puredisk 6.5.0.1
    symantec netbackup puredisk 6.6.1
    symantec netbackup puredisk 6.6.1.2
    symantec netbackup puredisk 6.6.1.1