Vulnerability CVE-2007-1593


Published: 2007-06-04   Modified: 2012-02-12

Description:
The administrative service in Symantec Veritas Volume Replicator (VVR) for Windows 3.1 through 4.3, and VVR for Unix 3.5 through 5.0, in Symantec Storage Foundation products allows remote attackers to cause a denial of service (memory consumption and service crash) via a crafted packet to the service port (8199/tcp) that triggers a request for more memory than available, which causes the service to write to an invalid pointer.

Type:

CWE-399

(Resource Management Errors)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Symantec -> Veritas volume replicator 

 References:
http://www.symantec.com/avcenter/security/Content/2007.06.01a.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=539
http://xforce.iss.net/xforce/xfdb/34676
http://www.vupen.com/english/advisories/2007/2036
http://www.securitytracker.com/id?1018184
http://www.securityfocus.com/bid/24160
http://secunia.com/advisories/25516
http://cirt.dk/advisories/cirt-53-advisory.txt

Copyright 2024, cxsecurity.com

 

Back to Top