Symantec Enterprise Security Manager Remote Upgrade Remote Code Execution Vulnerability
BID:23287
Info
| Bugtraq ID: | 23287 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 05 2007 12:00AM |
| Updated: | Jan 04 2008 10:19PM |
| Credit: | The vendor reported this issue. |
| Vulnerable: | Symantec Enterprise Security Manager 6.5.2; Symantec Enterprise Security Manager 6.5.1; Symantec Enterprise Security Manager 5.5.3; Symantec Enterprise Security Manager 6.5; Symantec Enterprise Security Manager 6.0 |
| Not Vulnerable: | |
Discussion
Symantec Enterprise Security Manager is prone to a remote code-execution vulnerability because the application does not verify that upgrades are from trusted sources.
A successful exploit will allow attacker-supplied input to execute with administrative privileges. This may facilitate a complete system compromise.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor released updates to address this issue. Please see the references for more information.
Symantec Enterprise Security Manager 6.0
- Symantec ESM60SignatureFix.zip
  http://www.symantec.com/avcenter/security/ESM/esmPU/ESM60SignatureFix.zip

Symantec Enterprise Security Manager 5.5.3
- Symantec ESM55SignatureFix.zip
  http://www.symantec.com/avcenter/security/ESM/esmPU/ESM55SignatureFix.zip

Symantec Enterprise Security Manager 6.5.1
- Symantec ESM65xSignatureFix.zip
  http://www.symantec.com/avcenter/security/ESM/esmPU/ESM65xSignatureFix.zip

Symantec Enterprise Security Manager 6.5.2
- Symantec ESM65xSignatureFix.zip
  http://www.symantec.com/avcenter/security/ESM/esmPU/ESM65xSignatureFix.zip
References
References: