N/A

The management console in the Volume Manager Scheduler Service (aka VxSchedService.exe) in Symantec Veritas Storage Foundation for Windows (SFW) 5.0, 5.0 RP1a, and 5.1 accepts NULL NTLMSSP authentication, which allows remote attackers to execute arbitrary code via requests to the service socket that create "snapshots schedules" registry values specifying future command execution. NOTE: this issue exists because of an incomplete fix for CVE-2007-2279.

N/A

N/A

Volume Manager Scheduler Service安全漏洞

Volume Manager Scheduler Service是一个卷管理器调度程序。 Veritas Storage Foundation for Win的5.0、5.0 RP1a及5.1版本的管理控制台(VxSchedService.exe)允许NULL NTLMSSP认证，导致网络攻击者可以绕过内嵌的认证直接连接到Scheduler服务套接字，以SYSTEM用户的权限执行任意代码。

N/A

N/A