Symantec Veritas Enterprise Administrator service (vxsvc) multiple buffer overflows

Article:TECH165536  |  Created: 2011-07-25  |  Updated: 2014-01-02  |  Article URL http://www.symantec.com/docs/TECH165536
Article Type
Technical Solution


Issue



Veritas Enterprise Administrator service (vxsvc) is prone to buffer overflows which may result in a crash.


Environment



 

This is applicable to both Windows (2000, 2003 and 2008) and UNIX (AIX, HP-UX, Linux and Solaris) platforms.

Product | Version | Platform
Veritas Storage Foundation for Windows | 5.0, 5.0RP1, 5.0RP2, 5.1, 5.1SP1, 5.1SP2 | Windows 2000, Windows 2003, Windows 2008
Veritas Storage Foundation for Windows High Availability (SFWHA) | 5.0, 5.0RP1, 5.0RP2, 5.1, 5.1SP1, 5.1SP2 | Windows 2000, Windows 2003, Windows 2008
Veritas Storage Foundation (SF) | 3.5 (HP-UX only), 4.1 (HP-UX only), 5.0, 5.0.1, 5.0MP1, 5.0MP2, 5.0MP3, 5.1, 5.1SP1 | All supported platforms
Veritas Storage Foundation for High Availability (SFHA) | 5.0, 5.0.1, 5.0MP1, 5.0MP2, 5.0MP3, 5.1, 5.1SP1 | All supported platforms
Veritas Storage Foundation for Oracle (SFO) | 5.0, 5.0.1, 5.0MP1, 5.0MP2, 5.0MP3, 5.1, 5.1SP1 | All supported platforms
Veritas Storage Foundation for DB2 | 5.0, 5.0.1, 5.0MP1, 5.0MP2, 5.0MP3, 5.1, 5.1SP1 | All supported platforms
Veritas Storage Foundation for Sybase | 5.0, 5.0.1, 5.0MP1, 5.0MP2, 5.0MP3, 5.1, 5.1SP1 | Solaris
Veritas Storage Foundation for Real Application Cluster (SFRAC) | 5.0, 5.0.1, 5.0MP1, 5.0MP2, 5.0MP3, 5.1, 5.1SP1 | All supported platforms
Veritas Storage Foundation Cluster File System (SFCFS) | 5.0, 5.0.1, 5.0MP1, 5.0MP2, 5.0MP3, 5.1, 5.1SP1 | All supported platforms
Veritas Storage Foundation Cluster File System Enterprise for Oracle RAC (SFCFSORAC) | 5.0 MP2, 5.0 MP3, 5.0 MP4, 5.0 RU3, 5.0 RU4, 5.1, 5.1 SP1 RP1, 5.1 SP1 RP2 | Linux
Veritas Dynamic Multi-Pathing (DMP) | 5.1 | Windows
Symantec NetBackup PureDisk | 6.5.x, 6.6, 6.6.0.x, 6.6.1, 6.6.1.x | Linux
Symantec NetBackup 50x0 Appliance | 6.6.0.2, 1.2, 1.3.x.x | Linux

 

Note   

  • Product versions prior to those listed above are NOT supported. Customers running legacy product versions should upgrade and apply available updates.
  • Only the versions listed above are affected.
  • Symantec FileStore (SFS) 5.6 is shipped with VRTSob/VRTSobc from Storage Foundation 5.0 MP3 (Linux). The fix listed for SF 5.0 MP3 for Linux applies to this release.
     

Cause



Symantec was notified of buffer overflow vulnerabilities in the Veritas Enterprise Administrator service (vxsvc) shared component shipped with multiple Symantec products. These vulnerabilities are caused by a failure to properly validate incoming data. An attacker who successfully exploits these issues could potentially execute arbitrary code with administrative privileges on the targeted system.

This is tracked via Symantec internal etrack incident # 2372164 / 2394915.


 


Solution



Symantec Engineering has made the necessary code changes to correct improper parameter handling. The code now validates each packet arriving over the network on the affected port and rejects it if it does not conform to the protocol.

Symantec engineers have verified that these vulnerabilities exist in the versions listed in the table above. These vulnerabilities have been addressed in the versions specified below. Symantec engineers performed additional reviews and will continue ongoing review of related functionality to further enhance the overall security of the Veritas Enterprise Administrator service (vxsvc) and to eliminate any additional potential concerns. In the default configuration the affected port should not be reachable from outside the network, so an attacker would need access to the network environment to attempt exploitation.

Symantec recommends all customers update affected products as soon as possible to protect against potential attempts to exploit these issues.

Symantec is not aware of any exploitation of, or adverse customer impact from these issues.

 

Patches are available for the following releases.


HP-UX

5.1SP1 [PHCO_42182]         https://sort.symantec.com/patch/detail/5348
5.0.1 [PHCO_42178]          https://sort.symantec.com/patch/detail/5349
5.0.1 [PHCO_42179]          https://sort.symantec.com/patch/detail/5347
5.0 [PHCO_42177]            https://sort.symantec.com/patch/detail/5344
5.0 [PHCO_42176]            https://sort.symantec.com/patch/detail/5343
3.5 11.11 [PHCO_42175]      https://sort.symantec.com/patch/detail/5342
4.1 11.23 [PHCO_42173]      https://sort.symantec.com/patch/detail/5341
SF5.0_11.23 [PHCO_42180]    https://sort.symantec.com/patch/detail/5360
SF5.0_11.23 [PHCO_42181]    https://sort.symantec.com/patch/detail/5370

AIX

5.0MP3                      https://sort.symantec.com/patch/detail/5332
5.1SP1                      [Contact Support to obtain this patch]

Linux

5.0MP1                      https://sort.symantec.com/patch/detail/5334
5.0MP3                      https://sort.symantec.com/patch/detail/5331
5.1SP1                      [Contact Support to obtain this patch]

Solaris SPARC

5.0MP3                      https://sort.symantec.com/patch/detail/5330
5.1SP1                      [Contact Support to obtain this patch]

Solaris x64

5.0MP3                      https://sort.symantec.com/patch/detail/5329

Windows

SFW/HA 5.1, SFW/HA 5.1AP1          https://sort.symantec.com/patch/detail/5328
SFW/HA 5.1SP1, SFW/HA 5.1SP1AP1    https://sort.symantec.com/patch/detail/5327
SFW/HA 5.1 SP2                     https://sort.symantec.com/patch/detail/5439
SFW/HA 5.0 RP2                     [Contact Support to obtain this patch]

  

Patches for the following releases will be released in the near future:

Windows                    SFW/HA          5.0, 5.0RP1
AIX                            SF/HA             5.0, 5.0MP1
Solaris SPARC            SF/HA             5.0, 5.0MP1
Solaris x64                  SF/HA             5.0, 5.0MP1
Solaris x64                  SF/HA             5.1, 5.1SP1

 

WORKAROUND

Until patches are available and/or applied, customers are advised to implement the following workaround to protect their installations:

Disable the Veritas Enterprise Administrator (vxsvc) service using the following commands:

UNIX Platform

HP-UX

/sbin/init.d/isisd stop

mv /opt/VRTSob/bin/vxsvc /opt/VRTSob/bin/vxsvc.do_not_start

Solaris

/etc/init.d/isisd stop

mv /opt/VRTSob/bin/vxsvc /opt/VRTSob/bin/vxsvc.do_not_start

For startup scripts in Solaris Management Framework (SMF):

svcadm disable svc:/system/vxsvc

mv /opt/VRTSob/bin/vxsvc /opt/VRTSob/bin/vxsvc.do_not_start

AIX

/etc/rc.d/rc2.d/isisd stop

mv /opt/VRTSob/bin/vxsvc /opt/VRTSob/bin/vxsvc.do_not_start

Linux

/etc/init.d/isisd stop

mv /opt/VRTSob/bin/vxsvc /opt/VRTSob/bin/vxsvc.do_not_start


Windows platform

net stop vxob

sc config vxob start= disabled
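
To confirm the workaround took effect on a UNIX host, the following added example (not Symantec code) checks that the vxsvc binary has been renamed and that nothing is still listening on port 2148. The function names and the --live switch are hypothetical, and treating port 2148 as a TCP listener is an assumption; the path and port number come from this article.

```shell
#!/bin/sh
# Added example (not Symantec code): confirm the vxsvc workaround on a UNIX host.
VEA_PORT=2148                 # port from the article; TCP is an assumption
VEA_BIN_DIR=/opt/VRTSob/bin   # directory used by the article's mv commands

# Read `netstat -an` output on stdin; succeed if a listener is bound to port $1.
# Accepts "addr:port" (Linux) and "addr.port" (AIX, HP-UX, Solaris) notation.
port_is_listening() {
    awk -v port="$1" '
        $1 !~ /^unix/ && toupper($0) ~ /LISTEN/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ ("[.:]" port "$")) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# Print the state of the vxsvc binary under directory $1:
#   active   - vxsvc is still in place and could be started again
#   disabled - vxsvc has been renamed to vxsvc.do_not_start
#   absent   - neither file exists (component not installed here)
vxsvc_binary_state() {
    if [ -e "$1/vxsvc" ]; then echo active
    elif [ -e "$1/vxsvc.do_not_start" ]; then echo disabled
    else echo absent
    fi
}

# $1 = bin directory, $2 = file holding `netstat -an` output.
# Returns 0 only if nothing listens on the port and the binary cannot start.
workaround_in_effect() {
    state=$(vxsvc_binary_state "$1")
    if port_is_listening "$VEA_PORT" < "$2"; then
        echo "FAIL: listener on port $VEA_PORT (binary: $state)"; return 1
    fi
    if [ "$state" = active ]; then
        echo "FAIL: $1/vxsvc is still in place"; return 1
    fi
    echo "OK: no listener on port $VEA_PORT (binary: $state)"
}

# Check the local host only when invoked with --live.
if [ "${1:-}" = "--live" ]; then
    tmp=$(mktemp) && netstat -an > "$tmp"
    workaround_in_effect "$VEA_BIN_DIR" "$tmp" && rc=0 || rc=1
    rm -f "$tmp"; exit "$rc"
fi
```

A FAIL result after the stop and mv commands have been run usually means a vxsvc process started earlier is still running and holding the port.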

 


Supplemental Materials

Source: ETrack
Value: 2372164
Description: PST11-018 ZDI-CAN-1110, 1111, 1112 multiple buffer overflows in SFW vxsvc.exe

Source: ETrack
Value: 2394915
Description: VEA service (vxsvc) running on port 2148 crashes and dumps core.


