Информационная безопасность
[RU] switch to English


Несанкционрованный доступ к продуктам Symantec Veritas
дополнено с 10 декабря 2009 г.
Опубликовано:15 декабря 2009 г.
Источник:
SecurityVulns ID:10462
Тип:удаленная
Уровень опасности:
7/10
Описание:Обход аутентификации в службе VRTSweb.exe по порту TCP/14300 позволяет выполнение кода.
Затронутые продукты:HP : HP-UX 11.23
 HP : HP-UX 11.31
 SYMANTEC : Backup Exec Continuous Protection Server 12.5
 SYMANTEC : Veritas NetBackup Operations Manager 6.5
 SYMANTEC : Veritas Backup Reporter 6.6
 SYMANTEC : Veritas Storage Foundation 3.5
 SYMANTEC : Veritas Storage Foundation for Windows High Availability 5.1
 SYMANTEC : Veritas Storage Foundation for High Availability 3.5
 SYMANTEC : Veritas Storage Foundation for Oracle 5.0
 SYMANTEC : Veritas Storage Foundation for DB2 5.0
 SYMANTEC : Veritas Storage Foundation for Sybase 5.0
 SYMANTEC : Veritas Storage Foundation for Oracle Real Application Cluster 5.0
 SYMANTEC : Veritas Storage Foundation Manager 1.1
 SYMANTEC : Veritas Storage Foundation Manager 2.0
 SYMANTEC : Veritas Cluster Server 5.0
 SYMANTEC : Veritas Cluster Server One 2.0
 SYMANTEC : Veritas Application Director 1.1
 SYMANTEC : Veritas Cluster Server Management Console 5.5
 SYMANTEC : Veritas Storage Foundation Cluster File System 5.0
 SYMANTEC : Veritas Storage Foundation Cluster File System for Oracle RAC 5.0
 SYMANTEC : Veritas Command Central Storage 5.1
 SYMANTEC : Veritas Command Central Enterprise Reporter 5.1
 SYMANTEC : Veritas Command Central Storage Change Manager 5.1
 SYMANTEC : Veritas MicroMeasure 5.0
 SYMANTEC : VRTSweb 5.0
CVE:CVE-2009-3027 (VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1)
Оригинальный текстdocumentHP, [security bulletin] HPSBUX02480 SSRT090253 rev.1 - HP-UX Running VRTSweb, Remote Execution of Arbitrary Code, Increase of Privilege (15.12.2009)
 documentZDI, ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability (10.12.2009)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород