Vulnerability Description
Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Veritas Dynamic Multi-Pathing | 5.1 |
| Symantec | Veritas Storage Foundation | <= 5.1 |
| Symantec | Veritas Storage Foundation Cluster File System For Oracle Rac | <= 5.1 |
| Symantec | Netbackup Puredisk | 6.5.0.1 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=131955939603667&w=2
- http://www.securityfocus.com/bid/49014
- http://www.symantec.com/business/support/index?page=content&id=TECH165536PatchVendor Advisory
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit
- http://zerodayinitiative.com/advisories/ZDI-11-262/
- http://zerodayinitiative.com/advisories/ZDI-11-263/
- http://zerodayinitiative.com/advisories/ZDI-11-264/
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://marc.info/?l=bugtraq&m=131955939603667&w=2
- http://www.securityfocus.com/bid/49014
- http://www.symantec.com/business/support/index?page=content&id=TECH165536PatchVendor Advisory
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit
- http://zerodayinitiative.com/advisories/ZDI-11-262/
- http://zerodayinitiative.com/advisories/ZDI-11-263/
- http://zerodayinitiative.com/advisories/ZDI-11-264/
FAQ
What is CVE-2011-0547?
CVE-2011-0547 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5...
How severe is CVE-2011-0547?
CVE-2011-0547 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-0547?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Veritas Dynamic Multi-Pathing, Symantec Veritas Storage Foundation, Symantec Veritas Storage Foundation Cluster File System For Oracle Rac, Symantec Netbackup Puredisk.