critical
10
CWE
287
Advisory Published
Updated

CVE-2009-3027

First published: Fri Dec 11 2009(Updated: )

VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; Veritas Storage Foundation for Windows High Availability (SFWHA) 4.3MP2, 5.0, 5.0RP1a, 5.0RP2, 5.1, and 5.1AP1; Veritas Storage Foundation for High Availability (SFHA) 3.5; Veritas Storage Foundation for Oracle (SFO) 4.1, 5.0, and 5.0.1; Veritas Storage Foundation for DB2 4.1 and 5.0; Veritas Storage Foundation for Sybase 4.1 and 5.0; Veritas Storage Foundation for Oracle Real Application Cluster (SFRAC) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Manager (SFM) 1.0, 1.0 MP1, 1.1, 1.1.1Ux, 1.1.1Win, and 2.0; Veritas Cluster Server (VCS) 3.5, 4.0, 4.1, and 5.0; Veritas Cluster Server One (VCSOne) 2.0, 2.0.1, and 2.0.2; Veritas Application Director (VAD) 1.1 and 1.1 Platform Expansion; Veritas Cluster Server Management Console (VCSMC) 5.1, 5.5, and 5.5.1; Veritas Storage Foundation Cluster File System (SFCFS) 3.5, 4.0, 4.1, and 5.0; Veritas Storage Foundation Cluster File System for Oracle RAC (SFCFS RAC) 5.0; Veritas Command Central Storage (CCS) 4.x, 5.0, and 5.1; Veritas Command Central Enterprise Reporter (CC-ER) 5.0 GA, 5.0 MP1, 5.0 MP1RP1, and 5.1; Veritas Command Central Storage Change Manager (CC-SCM) 5.0 and 5.1; and Veritas MicroMeasure 5.0 does not properly validate authentication requests, which allows remote attackers to trigger the unpacking of a WAR archive, and execute arbitrary code in the contained files, via crafted data to TCP port 14300.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Symantec Veritas Cluster Server One=2.0.1
Symantec Veritas Storage Foundation For Oracle Real Application Cluster=3.5
Symantec Veritas Storage Foundation Cluster File System=4.0
Symantec Veritas Storage Foundation Manager=1.1
Symantec Veritas Cluster Server=5.0
Symantec Veritas Storage Foundation Cluster File System=5.0
Symantec Veritas Netbackup Operations Manager=6.5.5
Symantec Veritas Storage Foundation For Windows High Availability=5.0rp1a
Symantec Veritas Storage Foundation Manager=1.0
Symantec Veritas Storage Foundation For Windows High Availability=4.3mp2
Symantec Veritas Storage Foundation Cluster File System=3.5
Symantec Veritas Storage Foundation For Oracle Real Application Cluster=4.0
Symantec Veritas Storage Foundation=3.5
Symantec Veritas Micromeasure=5.0
Symantec Veritas Storage Foundation For Windows High Availability=5.1
Symantec Backup Exec Continuous Protection Server=12.5
Symantec Veritas Storage Foundation Cluster File System=4.0
Symantec Veritas Cluster Server=5.0
Symantec Veritas Storage Foundation For High Availability=3.5
Symantec Veritas Cluster Server One=2.0
Symantec Veritas Storage Foundation For Windows High Availability=5.1ap1
Symantec Veritas Netbackup Operations Manager=6.0_ga
Symantec Veritas Storage Foundation For Oracle Real Application Cluster=5.0
Symantec Veritas Storage Foundation For Sybase=5.0
Symantec Veritas Storage Foundation For Db2=5.0
Symantec Veritas Command Central Storage=4.x
Symantec Veritas Application Director=1.1
Symantec Veritas Command Central Storage Change Manager=5.0
Symantec Veritas Cluster Server=3.5
Symantec Veritas Storage Foundation For Oracle=4.1
Symantec Veritas Storage Foundation For Windows High Availability=5.0
Symantec Veritas Storage Foundation Cluster File System=4.1
Symantec Veritas Cluster Server=5.0
Symantec Veritas Cluster Server Management Console=5.1
Symantec Veritas Command Central Enterprise Reporter=5.0mp1
Symantec Veritas Storage Foundation Cluster File System=5.0
Symantec Veritas Storage Foundation For Db2=4.1
Symantec Veritas Cluster Server=4.1
Symantec Veritas Cluster Server=4.1
Symantec Veritas Storage Foundation Manager=1.1.1ux
Symantec Veritas Storage Foundation Cluster File System=4.0
Symantec Veritas Storage Foundation Cluster File System For Oracle Rac=5.0
Symantec Veritas Storage Foundation For Db2=5.0
Symantec Veritas Storage Foundation For Db2=5.0
Symantec Veritas Storage Foundation For Oracle Real Application Cluster=5.0
Symantec Veritas Netbackup Reporter=6.6
Symantec Veritas Command Central Storage=5.0
Symantec Veritas Storage Foundation Cluster File System=4.1
Symantec Veritas Storage Foundation For Oracle Real Application Cluster=4.1-hp-ux
Symantec Veritas Netbackup Reporter=6.0_ga
Symantec Backup Exec Continuous Protection Server=12.0
Symantec Veritas Storage Foundation For Oracle Real Application Cluster=5.0
Symantec Veritas Command Central Enterprise Reporter=5.0_ga
Symantec Veritas Storage Foundation For Oracle Real Application Cluster=4.1
Symantec Veritas Storage Foundation Cluster File System=4.1
Symantec Veritas Storage Foundation For Oracle Real Application Cluster=4.1
Symantec Veritas Command Central Storage Change Manager=5.1
Symantec Veritas Storage Foundation Cluster File System=5.0
Symantec Veritas Cluster Server=4.0
Symantec Veritas Storage Foundation For Oracle Real Application Cluster=5.0
Symantec Veritas Cluster Server=4.0
Symantec Veritas Storage Foundation For Sybase=4.1
Symantec Veritas Backup Exec=11d
Symantec Veritas Storage Foundation For Windows High Availability=5.0rp2
Symantec Veritas Cluster Server Management Console=5.5
Symantec Veritas Command Central Storage=5.1
Symantec Veritas Storae Foundation=3.5_onwards
Symantec Veritas Storage Foundation Manager=1.0mp1
Symantec Veritas Storage Foundation Cluster File System=5.0
Symantec Veritas Storage Foundation Cluster File System=4.1
Symantec Veritas Storage Foundation Manager=2.0
Symantec Veritas Cluster Server=4.1
Symantec Veritas Storage Foundation Cluster File System=4.0
Symantec Backup Exec Continuous Protection Server=11d
Symantec Veritas Cluster Server Management Console=5.5.1
Symantec Veritas Storage Foundation For Oracle Real Application Cluster=5.0
Symantec Veritas Storage Foundation For Oracle Real Application Cluster=4.0
Symantec Veritas Storage Foundation For Oracle=5.0
Symantec Veritas Cluster Server=5.0
Symantec Veritas Storage Foundation Manager=1.1.1win
Symantec Veritas Cluster Server One=2.0.2
Symantec Veritas Application Director=1.1
Symantec Veritas Command Central Enterprise Reporter=5.0mp1rp1
Symantec Veritas Command Central Enterprise Reporter=5.1
Symantec Veritas Storage Foundation For Oracle=5.0.1
Symantec Veritas Storage Foundation For Db2=4.1
Symantec Veritas Backup Exec=12.0
Symantec Veritas Backup Exec=12.5

Remedy

http://marc.info/?l=bugtraq&m=126046186917330&w=2

Remedy

http://seer.entsupport.symantec.com/docs/336988.htm

Remedy

http://seer.entsupport.symantec.com/docs/337279.htm

Remedy

http://seer.entsupport.symantec.com/docs/337293.htm

Remedy

http://seer.entsupport.symantec.com/docs/337392.htm

Remedy

http://seer.entsupport.symantec.com/docs/337859.htm

Remedy

http://seer.entsupport.symantec.com/docs/337930.htm

Remedy

http://www.zerodayinitiative.com/advisories/ZDI-09-098/

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203