Vulnerability Description
The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Veritas Storage Foundation | 5.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/36104
- http://secunia.com/advisories/25537Vendor Advisory
- http://seer.entsupport.symantec.com/docs/288627.htm
- http://www.securityfocus.com/archive/1/470562/100/0/threaded
- http://www.securityfocus.com/bid/24194
- http://www.securitytracker.com/id?1018188
- http://www.symantec.com/avcenter/security/Content/2007.06.01.htmlPatchVendor Advisory
- http://www.vupen.com/english/advisories/2007/2035Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34680
- http://osvdb.org/36104
- http://secunia.com/advisories/25537Vendor Advisory
- http://seer.entsupport.symantec.com/docs/288627.htm
- http://www.securityfocus.com/archive/1/470562/100/0/threaded
- http://www.securityfocus.com/bid/24194
- http://www.securitytracker.com/id?1018188
FAQ
What is CVE-2007-2279?
CVE-2007-2279 is a vulnerability with a CVSS score of 9.3 (HIGH). The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the servic...
How severe is CVE-2007-2279?
CVE-2007-2279 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2279?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Veritas Storage Foundation.