CVE-2005-3566: Buffer Overflow
First published: Wed Nov 16 2005(Updated: )
Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) haalert, (3) haattr, (4) hacli, (5) hacli_runcmd, (6) haclus, (7) haconf, (8) hadebug, (9) hagrp, (10) hahb, (11) halog, (12) hareg, (13) hares, (14) hastatus, (15) hasys, (16) hatype, (17) hauser, and (18) tststew.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Veritas Storage Foundation Cluster File System | =4.0_linux | |
| Veritas Cluster Server | =3.5_solaris_mp3 | |
| Veritas Cluster Server | =4.0_solaris_mp1 | |
| Veritas Storage Foundation for Oracle | =3.4_aix | |
| Veritas Cluster Server | =2.2_linux | |
| Veritas Cluster Server | =2.2_mp1 | |
| Veritas Cluster Server | =3.5_mp2 | |
| Veritas Storage Foundation for Oracle | =3.5_solaris | |
| Veritas Storage Foundation for Oracle | =2.2_linux | |
| Veritas Cluster Server | =4.0_linux_beta | |
| Veritas Storage Foundation for Oracle | =4.0_linux | |
| Symantec Veritas Storage Foundation Cluster File System | =4.0_solaris | |
| Veritas Cluster Server | =4.0_solaris | |
| Veritas Cluster Server | =4.0_solaris_beta | |
| Veritas Storage Foundation for Oracle | =3.5_hp-ux | |
| Veritas Cluster Server | =3.5_hp-ux | |
| Veritas Storage Foundation for Oracle | =3.0_aix | |
| Veritas Cluster Server | =3.5_aix | |
| Veritas Storage Foundation for Oracle | =4.0_solaris | |
| Symantec Veritas Storage Foundation Cluster File System | =4.0_aix | |
| Veritas Cluster Server | =3.5 | |
| Symantec Veritas Sanpoint Control Quickstart | =3.5_solaris | |
| Veritas Cluster Server | =3.5_mp1 | |
| Veritas Cluster Server | =2.2_mp2 | |
| Veritas Cluster Server | =3.5_solaris_mp1 | |
| Veritas Cluster Server | =3.5_solaris | |
| Veritas Cluster Server | =3.5_solaris_beta | |
| Veritas Cluster Server | =3.5_mp1j | |
| Veritas Cluster Server | =4.0_aix_beta | |
| Veritas Cluster Server | =3.5_p1 | |
| Veritas Cluster Server | =3.5_hp-ux_update_1 | |
| Veritas Cluster Server | =3.5_hp-ux_update_2 | |
| Veritas Cluster Server | =2.2_linux_mp1p1 | |
| Veritas Storage Foundation for Oracle | =1.0_aix | |
| Veritas Storage Foundation for Oracle | =4.0_aix | |
| Veritas Cluster Server | =4.0_linux | |
| Veritas Cluster Server | =4.0_aix | |
| Veritas Cluster Server | =3.5_solaris_mp2 | |
| Veritas Cluster Server | =2.2 | |
| Veritas Storage Foundation for Oracle | =2.2_vmware_esx |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://securityresponse.symantec.com/avcenter/security/Content/2005.11.08a.html
- http://www.securityfocus.com/bid/15349
- http://securitytracker.com/id?1015169
- http://secunia.com/advisories/17502
- http://osvdb.org/20673
- http://securityreason.com/securityalert/174
- http://www.vupen.com/english/advisories/2005/2350
- http://marc.info/?l=bugtraq&m=113199516516880&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22986
Frequently Asked Questions
What is the severity of CVE-2005-3566?
CVE-2005-3566 is rated as a high severity vulnerability due to its potential to allow local users to execute arbitrary code.
How do I fix CVE-2005-3566?
To mitigate CVE-2005-3566, you should upgrade to the latest version of Symantec Veritas Cluster Server that addresses this buffer overflow issue.
Who is affected by CVE-2005-3566?
CVE-2005-3566 affects local users of various versions of Symantec Veritas Cluster Server and Storage Foundation for UNIX systems.
What are the symptoms of CVE-2005-3566?
Symptoms of CVE-2005-3566 may include unexpected application crashes or unauthorized code execution in the affected systems.
Is there a workaround for CVE-2005-3566?
While the best approach is to apply the patch, limiting access to the affected components can serve as a temporary workaround for CVE-2005-3566.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/symantec veritas
- canonical/symantec veritas storage foundation cluster file system
- version/symantec veritas storage foundation cluster file system/4.0_linux
- canonical/veritas cluster server
- version/veritas cluster server/3.5_solaris_mp3
- version/veritas cluster server/4.0_solaris_mp1
- canonical/veritas storage foundation for oracle
- version/veritas storage foundation for oracle/3.4_aix
- version/veritas cluster server/2.2_linux
- version/veritas cluster server/2.2_mp1
- version/veritas cluster server/3.5_mp2
- version/veritas storage foundation for oracle/3.5_solaris
- version/veritas storage foundation for oracle/2.2_linux
- version/veritas cluster server/4.0_linux_beta
- version/veritas storage foundation for oracle/4.0_linux
- version/symantec veritas storage foundation cluster file system/4.0_solaris
- version/veritas cluster server/4.0_solaris
- version/veritas cluster server/4.0_solaris_beta
- version/veritas storage foundation for oracle/3.5_hp-ux
- version/veritas cluster server/3.5_hp-ux
- version/veritas storage foundation for oracle/3.0_aix
- version/veritas cluster server/3.5_aix
- version/veritas storage foundation for oracle/4.0_solaris
- version/symantec veritas storage foundation cluster file system/4.0_aix
- version/veritas cluster server/3.5
- canonical/symantec veritas sanpoint control quickstart
- version/symantec veritas sanpoint control quickstart/3.5_solaris
- version/veritas cluster server/3.5_mp1
- version/veritas cluster server/2.2_mp2
- version/veritas cluster server/3.5_solaris_mp1
- version/veritas cluster server/3.5_solaris
- version/veritas cluster server/3.5_solaris_beta
- version/veritas cluster server/3.5_mp1j
- version/veritas cluster server/4.0_aix_beta
- version/veritas cluster server/3.5_p1
- version/veritas cluster server/3.5_hp-ux_update_1
- version/veritas cluster server/3.5_hp-ux_update_2
- version/veritas cluster server/2.2_linux_mp1p1
- version/veritas storage foundation for oracle/1.0_aix
- version/veritas storage foundation for oracle/4.0_aix
- version/veritas cluster server/4.0_linux
- version/veritas cluster server/4.0_aix
- version/veritas cluster server/3.5_solaris_mp2
- version/veritas cluster server/2.2
- version/veritas storage foundation for oracle/2.2_vmware_esx