Secunia Security Advisory - A vulnerability has been reported in Symantec Veritas Storage Foundation, which can be exploited by malicious people to bypass certain security restrictions.
TITLE:
Symantec Veritas Storage Foundation NULL NTLMSSP Authentication
Security Bypass
SECUNIA ADVISORY ID:
SA31486
VERIFY ADVISORY:
http://secunia.com/advisories/31486/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass
WHERE:
From local network
SOFTWARE:
Symantec Veritas Storage Foundation 5.x
http://secunia.com/product/14406/
DESCRIPTION:
A vulnerability has been reported in Symantec Veritas Storage
Foundation, which can be exploited by malicious people to bypass
certain security restrictions.
The vulnerability is caused by the management console allowing
NULL NTLMSSP authentication. This can be exploited to bypass the
built-in authentication in the management console and to add, delete,
and modify scheduled runs.
This is related to:
SA25537
Successful exploitation allows execution of arbitrary code as the
SYSTEM user.
The vulnerability is reported in Symantec Veritas Storage Foundation
versions 5.0, 5.0 RP1a, and 5.1.
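For defenders reviewing captured traffic to the management console, the
following added example (not part of the Secunia advisory or any Symantec
code) classifies an NTLMSSP AUTHENTICATE message as NULL when its user name
and challenge responses are empty, following the field layout in Microsoft's
MS-NLMP specification. It assumes the NTLMSSP blob has already been extracted
from its transport; the function names and sample messages are constructed
for illustration.

```python
import struct

SIGNATURE = b"NTLMSSP\x00"
AUTHENTICATE = 3  # MessageType of the third (client -> server) NTLM message

def _field(msg, pos):
    """Read a (Len, MaxLen, Offset) descriptor and return the bytes it points to."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points past end of message")
    return msg[offset:offset + length]

def classify_authenticate(msg):
    """Return 'null', 'credentialed' or 'not-authenticate' for an NTLMSSP blob."""
    if len(msg) < 64 or not msg.startswith(SIGNATURE):
        return "not-authenticate"
    if struct.unpack_from("<I", msg, 8)[0] != AUTHENTICATE:
        return "not-authenticate"
    lm = _field(msg, 12)    # LmChallengeResponse
    nt = _field(msg, 20)    # NtChallengeResponse
    user = _field(msg, 36)  # UserName
    # NULL (anonymous) authentication: no user name, no NT response,
    # and an LM response that is empty or a single zero byte.
    if not user and not nt and lm in (b"", b"\x00"):
        return "null"
    return "credentialed"

def build_sample(user, nt, lm, domain=b"", host=b""):
    """Constructed test input: lay out an AUTHENTICATE message with the given fields."""
    payload, descs, base = b"", b"", 64
    # Descriptor order: LM, NT, domain, user, workstation, session key.
    for data in (lm, nt, domain, user, host, b""):
        descs += struct.pack("<HHI", len(data), len(data), base + len(payload))
        payload += data
    flags = struct.pack("<I", 0)
    return SIGNATURE + struct.pack("<I", AUTHENTICATE) + descs + flags + payload

if __name__ == "__main__":
    samples = {
        "empty credentials": build_sample(b"", b"", b"\x00"),
        "named user": build_sample("alice".encode("utf-16-le"), b"\x11" * 24, b"\x22" * 24),
    }
    for label, blob in samples.items():
        print(label, "->", classify_authenticate(blob))
```

A "null" result against an unpatched console is the condition this advisory
describes; after patching, such a message should no longer be accepted.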
SOLUTION:
Apply patch.
http://support.veritas.com/docs/306386
PROVIDED AND/OR DISCOVERED BY:
Tenable Network Security, reported via ZDI.
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2008.08.14a.html
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-053/
OTHER REFERENCES:
SA25537:
http://secunia.com/advisories/25537/