CVE-2009-3027 Information
Share on:Description
VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d 12.0 and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2 5.0 5.0RP1a 5.0RP2 5.1 and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1 5.0 and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5 4.0 4.1 and 5.0; Veritas Storage Foundation Manager (SFM) 1.0 1.0 MP1 1.1 1.1.1Ux 1.1.1Win and 2.0; Veritas Cluster Server (VCS) 3.5 4.0 4.1 and 5.0; Veritas Cluster Server One (VCSOne) 2.0 2.0.1 and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1 5.5 and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5 4.0 4.1 and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x 5.0 and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA 5.0 MP1 5.0 MP1RP1 and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests which allows remote attackers to trigger the unpacking of a WAR archive and execute arbitrary code in the contained files via crafted data to TCP port 14300.
Reference
http://marc.info/?l=bugtraq&m=126046186917330&w=2 http://secunia.com/advisories/37631 http://secunia.com/advisories/37637 http://secunia.com/advisories/37685 http://securitytracker.com/id?1023309 http://securitytracker.com/id?1023312 http://seer.entsupport.symantec.com/docs/336988.htm http://seer.entsupport.symantec.com/docs/337279.htm http://seer.entsupport.symantec.com/docs/337293.htm http://seer.entsupport.symantec.com/docs/337392.htm http://seer.entsupport.symantec.com/docs/337859.htm http://seer.entsupport.symantec.com/docs/337930.htm http://www.osvdb.org/60884 http://www.securityfocus.com/archive/1/508358/100/0/threaded http://www.securityfocus.com/bid/37012 http://www.securitytracker.com/id?1023311 http://www.securitytracker.com/id?1023313 http://www.securitytracker.com/id?1023318 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091209_00 http://www.vupen.com/english/advisories/2009/3467 http://www.vupen.com/english/advisories/2009/3483 http://www.zerodayinitiative.com/advisories/ZDI-09-098/ https://exchange.xforce.ibmcloud.com/vulnerabilities/54665 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7986