
Symantec Products Alert Management System 2 Multiple Vulnerabilities

VUPEN ID VUPEN/ADV-2009-1204
CVE ID CVE-2009-1429 - CVE-2009-1430 - CVE-2009-1431 - CVE-2009-1432
 
Rated as Critical 
Release Date 2009-04-29

Technical Description

Multiple vulnerabilities have been identified in various Symantec products, which could be exploited by remote attackers to compromise a vulnerable system.

The first issue is caused by the Intel LANDesk Common Base Agent (CBA) using data sent to port 12174 as an argument to "CreateProcessA()", which could allow remote attackers to inject and execute arbitrary code with SYSTEM privileges.

The second vulnerability is caused by a stack overflow error in the Intel Alert Originator Service (IAO.EXE) when processing specially crafted packets, which could allow attackers to execute arbitrary code.

The third issue is caused by a stack overflow error in the Intel Alert Originator Service (IAO.EXE) when processing data received from the "MsgSys.exe" process, which could allow attackers to execute arbitrary code.

The fourth vulnerability is caused by a design error in the Intel File Transfer service (XFR.EXE), which could allow attackers to execute arbitrary code by placing a malicious executable on a file share or WebDAV server, and then sending the UNC path to XFR.EXE.
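The first issue is an instance of a general flaw class: bytes received from the network become the command line of a new process. The following is an added example, not code from Symantec, Intel or this advisory, showing the hardened counterpart in which a request can only select an entry from a fixed allowlist. The struct, function names, tokens and executable paths are hypothetical placeholders.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Hypothetical allowlist: tokens and paths are placeholders, not the product's. */
struct action { const char *token; const char *cmdline; };
static const struct action ACTIONS[] = {
    { "STATUS",  "\"C:\\Program Files\\ExampleAgent\\status.exe\"" },
    { "REFRESH", "\"C:\\Program Files\\ExampleAgent\\refresh.exe\" /quiet" },
};

/* Untrusted bytes are only compared against tokens; NULL means reject. */
const char *resolve_request(const unsigned char *buf, size_t len)
{
    if (buf == NULL || len == 0 || memchr(buf, '\0', len) != NULL)
        return NULL;
    for (size_t i = 0; i < sizeof ACTIONS / sizeof ACTIONS[0]; i++) {
        if (strlen(ACTIONS[i].token) == len && memcmp(buf, ACTIONS[i].token, len) == 0)
            return ACTIONS[i].cmdline;   /* fixed, quoted, chosen by the service */
    }
    return NULL;
}

/* Returns 0 when accepted, -1 when rejected or the launch fails.
 * Unsafe pattern, for contrast: CreateProcessA(NULL, (char *)buf, ...). */
int handle_request(const unsigned char *buf, size_t len)
{
    const char *cmd = resolve_request(buf, len);
    if (cmd == NULL) return -1;
#ifdef _WIN32
    char cmdline[512];                       /* writable copy for the API */
    STARTUPINFOA si = { sizeof si };
    PROCESS_INFORMATION pi;
    snprintf(cmdline, sizeof cmdline, "%s", cmd);
    if (!CreateProcessA(NULL, cmdline, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi))
        return -1;
    CloseHandle(pi.hThread); CloseHandle(pi.hProcess);
#endif
    return 0;   /* non-Windows builds stop after the allowlist decision */
}

int main(void)
{
    const char *in[] = { "STATUS", "notepad.exe", "STATUS /x" }; /* constructed */
    for (size_t i = 0; i < 3; i++)
        printf("%s -> %s\n", in[i], resolve_request((const unsigned char *)in[i], strlen(in[i])) ? "allowed" : "rejected");
    return 0;
}
```

The allowlisted command lines quote the executable path, so a path containing spaces cannot be resolved to a different program when the application name argument is NULL.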

Affected Products

Symantec AntiVirus Corporate Edition version 9.0 MR6 and prior
Symantec AntiVirus Corporate Edition version 10.0 (all versions)
Symantec AntiVirus Corporate Edition version 10.1 MR7 and prior
Symantec AntiVirus Corporate Edition version 10.2 MR1 and prior
Symantec Client Security version 2.0 MR6 and prior
Symantec Client Security version 3.0 (all versions)
Symantec Client Security version 3.1 MR7 and prior
Symantec Endpoint Protection version 11.0 MR2 and prior

Solution 

Symantec AntiVirus Corporate Edition - Upgrade to SAV 9.0 MR7, SAV 10.1 MR8 or SAV 10.2 MR2.

Symantec Client Security - Upgrade to SCS 2.0 MR7, SCS 3.1 MR8, or SCS 3.1 MR8.

Symantec Endpoint Protection - Upgrade to SEP 11.0 MR3.

References

http://www.vupen.com/english/advisories/2009/1204
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=786
http://www.zerodayinitiative.com/advisories/ZDI-09-018


Credits 

Vulnerabilities reported by ZDI, Tenable Network Security, Sebastian Apelt and iDefense.

Changelog 

2009-04-29 : Initial release

© 2004-2010 VUPEN Security - Copyright - Privacy Policy