Description
CVE-2011-0547
Multiple integer overflows in vxsvc.exe in the Veritas Enterprise Administrator service in Veritas Storage Foundation 5.1 and earlier, Veritas Storage Foundation Cluster File System (SFCFS) 5.1 and earlier, Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) 5.1 and earlier, Veritas Dynamic Multi-Pathing (DMP) 5.1, and NetBackup PureDisk 6.5.x through 6.6.1.x allow remote attackers to execute arbitrary code via (1) a crafted Unicode string, related to the vxveautil.value_binary_unpack function; (2) a crafted ASCII string, related to the vxveautil.value_binary_unpack function; or (3) a crafted value, related to the vxveautil.kv_binary_unpack function, leading to a buffer overflow.
Solution
The Product Engineering team has made the necessary code changes for Veritas Infoscale 8.0.2 for Windows to correct improper parameter handling wherein it now validates the packet coming over the network on the affected port and rejects it if it does not conform to protocol.
Hence, CVE-2011-0547 does not impact Veritas Infoscale 8.0.2 for Windows.
Reference
References
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.