Vulnerability Description
The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Veritas Storage Foundation | 5.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/31486Vendor Advisory
- http://securityreason.com/securityalert/4161
- http://securitytracker.com/id?1020699
- http://seer.entsupport.symantec.com/docs/306386.htmPatch
- http://www.securityfocus.com/archive/1/495481
- http://www.securityfocus.com/archive/1/495487/100/0/threaded
- http://www.securityfocus.com/bid/30596
- http://www.symantec.com/avcenter/security/Content/2008.08.14a.html
- http://www.vupen.com/english/advisories/2008/2395
- http://www.zerodayinitiative.com/advisories/ZDI-08-053/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44466
- http://secunia.com/advisories/31486Vendor Advisory
- http://securityreason.com/securityalert/4161
- http://securitytracker.com/id?1020699
- http://seer.entsupport.symantec.com/docs/306386.htmPatch
FAQ
What is CVE-2008-3703?
CVE-2008-3703 is a vulnerability with a CVSS score of 10.0 (HIGH). The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authenticat...
How severe is CVE-2008-3703?
CVE-2008-3703 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3703?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Veritas Storage Foundation.