Symantec AntiVirus Scan Engine Multiple Remote Vulnerabilities
BID:17637
Info
Symantec AntiVirus Scan Engine Multiple Remote Vulnerabilities
| Bugtraq ID: | 17637 |
| Class: | Unknown |
| CVE: |
CVE-2006-0232 CVE-2006-0231 CVE-2006-0230 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 20 2006 12:00AM |
| Updated: | Jun 27 2007 07:08PM |
| Credit: | Marc Bevand and Joe Testa of Rapid7 are credited with the discovery of these issues. |
| Vulnerable: |
Symantec AntiVirus Scan Engine 5.0 |
| Not Vulnerable: |
Symantec AntiVirus Scan Engine 5.1 |
Discussion
Symantec AntiVirus Scan Engine Multiple Remote Vulnerabilities
Symantec AntiVirus Scan Engine is susceptible to multiple remote vulnerabilities.
These issues allow remote attackers to:
- bypass authentication and gain complete control of the application
- conduct man-in-the-middle attacks
- gain access to the potentially sensitive contents of arbitrary files contained in the application's installation directory
Version 5.0 of Symantec AntiVirus Scan Engine is affected by these vulnerabilities.
Symantec AntiVirus Scan Engine is susceptible to multiple remote vulnerabilities.
These issues allow remote attackers to:
- bypass authentication and gain complete control of the application
- conduct man-in-the-middle attacks
- gain access to the potentially sensitive contents of arbitrary files contained in the application's installation directory
Version 5.0 of Symantec AntiVirus Scan Engine is affected by these vulnerabilities.
Exploit / POC
Symantec AntiVirus Scan Engine Multiple Remote Vulnerabilities
To exploit these vulnerabilities, attackers require specific knowledge, but they would likely use pre-existing network utilities, encryption software, and web clients to conduct attacks.
Exploit code demonstrating the authentication-bypass vulnerability is available:
To exploit these vulnerabilities, attackers require specific knowledge, but they would likely use pre-existing network utilities, encryption software, and web clients to conduct attacks.
Exploit code demonstrating the authentication-bypass vulnerability is available:
Solution / Fix
Symantec AntiVirus Scan Engine Multiple Remote Vulnerabilities
Solution:
Symantec has released advisory SYM06-008, along with fixes to address this issue. Please see the referenced advisory for further information.
Fixes may be obtained through the Platinum Support Web Site for Platinum customers or through the FileConnect Electronic Software Distribution Web Site for all licensed users.
Solution:
Symantec has released advisory SYM06-008, along with fixes to address this issue. Please see the referenced advisory for further information.
Fixes may be obtained through the Platinum Support Web Site for Platinum customers or through the FileConnect Electronic Software Distribution Web Site for all licensed users.
References
Symantec AntiVirus Scan Engine Multiple Remote Vulnerabilities
References:
References:
- Security advisory list for Symantec Products (Symantec)
- SYM06-008 - Symantec Scan Engine Multiple Vulnerabilities (Symantec)
- Symantec Homepage (Symantec)
- Symantec Scan Engine Home Page (Symantec)
- Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design ([email protected])
- Rapid7 Advisory R7-0022: Symantec Scan Engine Known Immutable DSA Private Key ([email protected])
- Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability ([email protected])