CVE-2008-3703 Information

Description

The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0 5.0 RP1a and 5.1 accepts NULL NTLMSSP authentication which allows remote attackers to execute arbitrary code via requests to the service socket that create \snapshots schedules\ registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.

Reference

http://secunia.com/advisories/31486 http://securityreason.com/securityalert/4161 http://securitytracker.com/id?1020699 http://seer.entsupport.symantec.com/docs/306386.htm http://www.securityfocus.com/archive/1/495481 http://www.securityfocus.com/archive/1/495487/100/0/threaded http://www.securityfocus.com/bid/30596 http://www.symantec.com/avcenter/security/Content/2008.08.14a.html http://www.vupen.com/english/advisories/2008/2395 http://www.zerodayinitiative.com/advisories/ZDI-08-053/ https://exchange.xforce.ibmcloud.com/vulnerabilities/44466