CVE-2008-3703

NONECVSS 0.0

0.0

The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.

🔗 References (22)

cve@mitrehttp://secunia.com/advisories/31486
cve@mitrehttp://securityreason.com/securityalert/4161
cve@mitrehttp://securitytracker.com/id?1020699
cve@mitrehttp://seer.entsupport.symantec.com/docs/306386.htm
cve@mitrehttp://www.securityfocus.com/archive/1/495481
cve@mitrehttp://www.securityfocus.com/archive/1/495487/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/30596
cve@mitrehttp://www.symantec.com/avcenter/security/Content/2008.08.14a.html
cve@mitrehttp://www.vupen.com/english/advisories/2008/2395
cve@mitrehttp://www.zerodayinitiative.com/advisories/ZDI-08-053/
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/44466
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31486
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/4161
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1020699
af854a3a-2127-422b-91ae-364da2661108http://seer.entsupport.symantec.com/docs/306386.htm

Is Your Infrastructure Affected by CVE-2008-3703?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-3703

📅 Published

🔄 Last Modified

🔗 References (22)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-3703?