Symantec Veritas VRTSweb Inbound Data Remote Code Execution Vulnerability

Cause
Access validation error
 
Affected systems
Symantec Veritas Storage Foundation for Windows High Availability 5.1AP1
Symantec Veritas Storage Foundation for Windows High Availability 5.1
Symantec Veritas Storage Foundation for Windows High Availability 5.0RP2
Symantec Veritas Storage Foundation for Windows High Availability 5.0RP1a
Symantec Veritas Storage Foundation for Windows High Availability 5.0
Symantec Veritas Storage Foundation for Windows High Availability 4.3MP2
Symantec Veritas Storage Foundation for Windows High Availability 4.3 MP2
Symantec Veritas Storage Foundation Cluster File System for Oracle RAC 5.0 (Linux)
Symantec Veritas Storage Foundation Cluster File System 5.0 (Solaris)
Symantec Veritas Storage Foundation Cluster File System 5.0 (Linux)
Symantec Veritas Storage Foundation Cluster File System 5.0 (HP-UX)
Symantec Veritas Storage Foundation Cluster File System 5.0 (AIX)
Symantec Veritas Storage Foundation Cluster File System 4.1
Symantec Veritas Storage Foundation Cluster File System 4.0
Symantec Veritas Storage Foundation Cluster File System 3.5 (HP-UX)
Symantec Veritas Storage Foundation 3.5
Symantec Veritas NetBackup Operations Manager 6.5.5
Symantec Veritas NetBackup Operations Manager 6.0 GA
Symantec Veritas MicroMeasure 5.0
Symantec Veritas Command Central Storage Change Manager 5.0
Symantec Veritas Command Central Storage (CCS) 5.1
Symantec Veritas Command Central Storage (CCS) 5.0
Symantec Veritas Command Central Storage (CCS) 4.3
Symantec Veritas Command Central Enterprise Reporter 5.1
Symantec Veritas Command Central Enterprise Reporter 5.0 MP1 RP1
Symantec Veritas Command Central Enterprise Reporter 5.0 MP1
Symantec Veritas Command Central Enterprise Reporter 5.0 GA
Symantec Veritas Cluster Server One 2.0.2
Symantec Veritas Cluster Server One 2.0.1
Symantec Veritas Cluster Server One 2.0
Symantec Veritas Cluster Server Management Console 5.5.1
Symantec Veritas Cluster Server Management Console 5.5
Symantec Veritas Cluster Server Management Console 5.1
Symantec Veritas Cluster Server 4.1 (Solaris)
Symantec Veritas Cluster Server 4.1 (Linux)
Symantec Veritas Cluster Server 4.1 (HP-UX)
Symantec Veritas Cluster Server 4.0 (Linux)
Symantec Veritas Cluster Server 4.0 (AIX)
Symantec Veritas Cluster Server 3.5 (HP-UX)
Symantec Veritas Backup Reporter 6.6
Symantec Veritas Backup Reporter 6.0 GA
Symantec Veritas Application Director 1.1 Platform Expansi
Symantec Veritas Application Director 1.1
Symantec Storage Foundation Manager 2.0
Symantec Storage Foundation Manager 1.1.1Win
Symantec Storage Foundation Manager 1.1.1Ux
Symantec Storage Foundation Manager 1.1
Symantec Storage Foundation Manager 1.0 MP1
Symantec Storage Foundation Manager 1.0
Symantec Storage Foundation for Sybase 5.0
Symantec Storage Foundation for Sybase 4.1
Symantec Storage Foundation for Oracle Real Application Cluster 5.0 (Solaris)
Symantec Storage Foundation for Oracle Real Application Cluster 5.0 (HP-UX)
Symantec Storage Foundation for Oracle Real Application Cluster 5.0 (AIX)
Symantec Storage Foundation for Oracle Real Application Cluster 4.1 (Solaris)
Symantec Storage Foundation for Oracle Real Application Cluster 4.1 (HP-UX)
Symantec Storage Foundation for Oracle Real Application Cluster 4.0 (AIX)
Symantec Storage Foundation for Oracle Real Application Cluster 3.5 (HP-UX)
Symantec Storage Foundation for Oracle 5.0.1 (HP-UX)
Symantec Storage Foundation for Oracle 5.0 (Solaris)
Symantec Storage Foundation for Oracle 5.0 (Linux)
Symantec Storage Foundation for Oracle 5.0 (HP-UX)
Symantec Storage Foundation for Oracle 5.0 (AIX)
Symantec Storage Foundation for Oracle 4.1 (Solaris)
Symantec Storage Foundation for Oracle 4.1 (HP-UX)
Symantec Storage Foundation for High Availability 3.5
Symantec Storage Foundation for DB2 5.0 (Linux)
Symantec Storage Foundation for DB2 5.0 (AIX)
Symantec Storage Foundation for DB2 4.1 (Solaris)
Symantec Storage Foundation for DB2 4.1 (Linux)
Symantec Backup Exec Continuous Protection Server 12.5
Symantec Backup Exec Continuous Protection Server 12.0
Symantec Backup Exec Continuous Protection Server 11d
HP HP-UX B.11.31
HP HP-UX B.11.23
 
Unaffected systems
Symantec Veritas Command Central Storage Change Manager 5.1.1
Symantec Veritas Command Central Storage (CCS) 5.1.1
Symantec Storage Foundation Manager 2.1
 
Impact
A remote attacker can exploit this vulnerability to execute arbitrary code with the privileges of the VRTSweb process (SYSTEM on Windows).
 
Attack prerequisites
The attacker must be able to reach the VRTSweb service on the affected Symantec Veritas installation (TCP port 14300); no credentials are required.
 
Vulnerability details
Symantec Veritas is Symantec's family of storage management, high-availability and backup products; the VRTSweb web server component is bundled with the products listed above.
The VRTSweb.exe web server component listens by default on TCP ports 8181, 8443 and 14300. The process does not properly validate authentication requests submitted to port 14300: a remote attacker can send a specially crafted request that bypasses authentication and instructs the process to extract the contents of an arbitrary WAR file. Because the attacker controls which archive is unpacked, this can lead to arbitrary code execution with SYSTEM privileges, without any valid credentials.
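The flaw class described above, as an added illustration that is not VRTSweb code and does not reproduce its wire protocol: a minimal "deploy this WAR" handler that acts on the instruction before checking that the caller is authenticated, beside a hardened version that (1) requires an authenticated session, (2) only accepts archives under its own deploy directory and (3) rejects archive entries that would escape the target directory. The Session class, the handler signatures, the directory layout and the WAR contents are all constructed for this demo.

```python
"""Vulnerable vs. hardened WAR-deploy handler (hypothetical; not VRTSweb code)."""
import os
import tempfile
import zipfile
from dataclasses import dataclass


@dataclass
class Session:
    # Hypothetical per-connection auth state; the real service's state is not on the page.
    authenticated: bool = False


def make_war(path: str, entries: dict[str, bytes]) -> str:
    """Build a constructed WAR (a zip archive) with the given entry names for the demo."""
    with zipfile.ZipFile(path, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return path


def deploy_vulnerable(session: Session, war_path: str, dest: str) -> list[str]:
    """Flaw class from the advisory: the deploy instruction is acted on without
    consulting session.authenticated, and war_path may point anywhere on disk."""
    with zipfile.ZipFile(war_path) as z:
        z.extractall(dest)
        return z.namelist()


def deploy_hardened(session: Session, war_path: str, deploy_dir: str, dest: str) -> list[str]:
    """Same operation with the checks the vulnerable version lacks."""
    if not session.authenticated:  # 1. authenticate before acting on any instruction
        raise PermissionError("deploy requires an authenticated session")
    root = os.path.realpath(deploy_dir)
    real = os.path.realpath(war_path)
    if os.path.commonpath([root, real]) != root:  # 2. only archives under the deploy directory
        raise PermissionError(f"{war_path!r} is outside {deploy_dir!r}")
    with zipfile.ZipFile(real) as z:
        for name in z.namelist():  # 3. refuse entry names that could escape dest
            if name.startswith(("/", "\\")) or os.path.isabs(name) \
                    or "\\" in name or ".." in name.split("/"):
                raise ValueError(f"unsafe entry name {name!r}")
        z.extractall(dest)
        return z.namelist()


def demo() -> dict:
    """Run both handlers over constructed inputs and report what each one did."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        deploy_dir = os.path.join(tmp, "deploy")
        outside = os.path.join(tmp, "outside")
        dest = os.path.join(tmp, "webapps")
        os.makedirs(deploy_dir)
        os.makedirs(outside)
        # Constructed archives: a benign WAR in the deploy dir, the same WAR
        # outside it, and a WAR whose entry name tries to climb out of dest.
        good = make_war(os.path.join(deploy_dir, "app.war"), {"WEB-INF/web.xml": b"<web-app/>"})
        stray = make_war(os.path.join(outside, "stray.war"), {"WEB-INF/web.xml": b"<web-app/>"})
        bad = make_war(os.path.join(deploy_dir, "bad.war"), {"../escape.txt": b"x"})
        anon = Session(authenticated=False)
        admin = Session(authenticated=True)
        # Vulnerable handler: unauthenticated caller, any path on disk, both succeed.
        results["vuln_unauth"] = deploy_vulnerable(anon, good, dest)
        results["vuln_outside"] = deploy_vulnerable(anon, stray, dest)
        # Hardened handler: each abuse is refused before anything is written.
        cases = (("hard_unauth", anon, good), ("hard_outside", admin, stray),
                 ("hard_traversal", admin, bad))
        for key, sess, war in cases:
            try:
                deploy_hardened(sess, war, deploy_dir, dest)
                results[key] = "extracted"
            except (PermissionError, ValueError) as exc:
                results[key] = type(exc).__name__
        results["hard_ok"] = deploy_hardened(admin, good, deploy_dir, dest)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The order of the checks in deploy_hardened matters: authentication is decided before the request body is looked at, so an unauthenticated caller learns nothing about which paths or archive layouts the service would accept.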
 
Test method
 
Vendor solution
Patch information is available in the following vendor security advisory:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091209_00
 
Credit
TippingPoint Zero Day Initiative
