MEDIUM · 4.3

CVE-2005-3566

Vulnerability Description

Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) haalert, (3) haattr, (4) hacli, (5) hacli_runcmd, (6) haclus, (7) haconf, (8) hadebug, (9) hagrp, (10) hahb, (11) halog, (12) hareg, (13) hares, (14) hastatus, (15) hasys, (16) hatype, (17) hauser, and (18) tststew.

CVSS Score

4.3

MEDIUM

AV:L/AC:L/Au:S/C:P/I:P/A:P
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Affected Products

Vendor            Product                                 Versions
Symantec Veritas  Cluster Server                          2.2
Symantec Veritas  Sanpoint Control Quickstart             3.5_solaris
Symantec Veritas  Storage Foundation                      1.0_aix
Symantec Veritas  Storage Foundation Cluster File System  4.0_aix

References

FAQ

What is CVE-2005-3566?

CVE-2005-3566 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) ha...

How severe is CVE-2005-3566?

CVE-2005-3566 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2005-3566?

Check the references section above for vendor advisories and patch information. Affected products include: Symantec Veritas Cluster Server, Symantec Veritas Sanpoint Control Quickstart, Symantec Veritas Storage Foundation, Symantec Veritas Storage Foundation Cluster File System.