Rapid7 Vulnerability & Exploit Database

HP-UX: CVE-2011-0547: running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code

Back to Search

HP-UX: CVE-2011-0547: running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
08/19/2011
Created
07/25/2018
Added
08/11/2017
Modified
09/12/2017

Description

Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Symantec Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow.

Solution(s)

  • hpux-apply-phco-42173
  • hpux-apply-phco-42175
  • hpux-apply-phco-42176
  • hpux-apply-phco-42177
  • hpux-apply-phco-42178
  • hpux-apply-phco-42179
  • hpux-apply-phco-42180
  • hpux-apply-phco-42181
  • hpux-apply-phco-42182
  • hpux-apply-phco-42316
  • hpux-apply-phco-42317

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;