CVE-2005-3566

Severity: Unknown | EPSS: 1.23%

CVE-2005-3566 is a vulnerability of currently unknown severity. Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) haalert, (3) haattr, (4) hacli, (5) hacli_runcmd, (6) haclus, (7) haconf, (8) hadebug, (9) hagrp, (10) hahb, (11) halog, (12) hareg, (13) hares, (14) hastatus, (15) hasys, (16) hatype, (17) hauser, and (18) tststew. EPSS estimates a 1.23% chance of exploitation in the next 30 days.

Description

Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) haalert, (3) haattr, (4) hacli, (5) hacli_runcmd, (6) haclus, (7) haconf, (8) hadebug, (9) hagrp, (10) hahb, (11) halog, (12) hareg, (13) hares, (14) hastatus, (15) hasys, (16) hatype, (17) hauser, and (18) tststew.

Metrics

EPSS Probability
1.23%

65.2th percentile

Probability of exploitation in the next 30 days.

Affected Software

| Vendor | Product | Version |
| --- | --- | --- |
| Symantec Veritas | Cluster Server | 2.2 |
| Symantec Veritas | Cluster Server | 2.2_linux |
| Symantec Veritas | Cluster Server | 2.2_linux_mp1p1 |
| Symantec Veritas | Cluster Server | 2.2_mp1 |
| Symantec Veritas | Cluster Server | 2.2_mp2 |
| Symantec Veritas | Cluster Server | 3.5 |
| Symantec Veritas | Cluster Server | 3.5_aix |
| Symantec Veritas | Cluster Server | 3.5_hp-ux |
| Symantec Veritas | Cluster Server | 3.5_hp-ux_update_1 |
| Symantec Veritas | Cluster Server | 3.5_hp-ux_update_2 |
| Symantec Veritas | Cluster Server | 3.5_mp1 |
| Symantec Veritas | Cluster Server | 3.5_mp1j |
| Symantec Veritas | Cluster Server | 3.5_mp2 |
| Symantec Veritas | Cluster Server | 3.5_p1 |
| Symantec Veritas | Cluster Server | 3.5_solaris |
| Symantec Veritas | Cluster Server | 3.5_solaris_beta |
| Symantec Veritas | Cluster Server | 3.5_solaris_mp1 |
| Symantec Veritas | Cluster Server | 3.5_solaris_mp2 |
| Symantec Veritas | Cluster Server | 3.5_solaris_mp3 |
| Symantec Veritas | Cluster Server | 4.0_aix |
| Symantec Veritas | Cluster Server | 4.0_aix_beta |
| Symantec Veritas | Cluster Server | 4.0_linux |
| Symantec Veritas | Cluster Server | 4.0_linux_beta |
| Symantec Veritas | Cluster Server | 4.0_solaris |
| Symantec Veritas | Cluster Server | 4.0_solaris_beta |
| Symantec Veritas | Cluster Server | 4.0_solaris_mp1 |
| Symantec Veritas | Sanpoint Control Quickstart | 3.5_solaris |
| Symantec Veritas | Storage Foundation | 1.0_aix |
| Symantec Veritas | Storage Foundation | 2.2_linux |
| Symantec Veritas | Storage Foundation | 2.2_vmware_esx |
| Symantec Veritas | Storage Foundation | 3.0_aix |
| Symantec Veritas | Storage Foundation | 3.4_aix |
| Symantec Veritas | Storage Foundation | 3.5_hp-ux |
| Symantec Veritas | Storage Foundation | 3.5_solaris |
| Symantec Veritas | Storage Foundation | 4.0_aix |
| Symantec Veritas | Storage Foundation | 4.0_linux |
| Symantec Veritas | Storage Foundation | 4.0_solaris |
| Symantec Veritas | Storage Foundation Cluster File System | 4.0_aix |
| Symantec Veritas | Storage Foundation Cluster File System | 4.0_linux |
| Symantec Veritas | Storage Foundation Cluster File System | 4.0_solaris |

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2005-3566?
Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) haalert, (3) haattr, (4) hacli, (5) hacli_runcmd, (6) haclus, (7) haconf, (8) hadebug, (9) hagrp, (10) hahb, (11) halog, (12) hareg, (13) hares, (14) hastatus, (15) hasys, (16) hatype, (17) hauser, and (18) tststew.
How severe is CVE-2005-3566?
Severity scoring for CVE-2005-3566 is pending analysis. The EPSS model estimates a 1.23% probability of exploitation in the next 30 days.
How do I fix CVE-2005-3566?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST