Symantec System Center Reporting Server Remote Privilege Escalation Vulnerability
BID:24313
Info
Symantec System Center Reporting Server Remote Privilege Escalation Vulnerability
| Bugtraq ID: | 24313 |
| Class: | Access Validation Error |
| CVE: |
CVE-2007-3021 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 05 2007 12:00AM |
| Updated: | Mar 13 2008 01:51AM |
| Credit: | Ertunga Arsal of Tech Data GmbH & Co. OHG is credited with the discovery of this issue. |
| Vulnerable: |
Symantec Reporting Server 1.0.197.0 Symantec Client Security 3.1 .401 Symantec Client Security 3.1 .400 Symantec Client Security 3.1 .396 Symantec Client Security 3.1 .394 Symantec Client Security 3.1 Symantec AntiVirus Corporate Edition 10.1 .401 Symantec AntiVirus Corporate Edition 10.1 .400 Symantec AntiVirus Corporate Edition 10.1 .396 Symantec AntiVirus Corporate Edition 10.1 .394 Symantec AntiVirus Corporate Edition 10.1 |
| Not Vulnerable: |
Symantec Reporting Server 1.0.224.0 Symantec Client Security 3.1.6.6000 Symantec AntiVirus Corporate Edition 10.1.6.6000 |
Discussion
Symantec System Center Reporting Server Remote Privilege Escalation Vulnerability
Symantec System Center Reporting Server is prone to a remote privilege-escalation vulnerability.
Attackers can exploit this issue to execute malicious code on an affected server and gain the privileges of the user running the server. Successful attacks will compromise the application and possibly the underlying computer.
Reporting Server is distributed with Symantec AntiVirus Corporate Edition 10.1 and later and Symantec Client Security 3.1 and later.
Versions prior to Reporting Server 1.0.224.0, AntiVirus Corporate Edition 10.1.6.6000, and Client Security 3.1.6.6000 are vulnerable.
Symantec System Center Reporting Server is prone to a remote privilege-escalation vulnerability.
Attackers can exploit this issue to execute malicious code on an affected server and gain the privileges of the user running the server. Successful attacks will compromise the application and possibly the underlying computer.
Reporting Server is distributed with Symantec AntiVirus Corporate Edition 10.1 and later and Symantec Client Security 3.1 and later.
Versions prior to Reporting Server 1.0.224.0, AntiVirus Corporate Edition 10.1.6.6000, and Client Security 3.1.6.6000 are vulnerable.
Exploit / POC
Symantec System Center Reporting Server Remote Privilege Escalation Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Symantec System Center Reporting Server Remote Privilege Escalation Vulnerability
Solution:
Symantec has released an advisory and fixes to address this issue. Please see the references for more information.
Solution:
Symantec has released an advisory and fixes to address this issue. Please see the references for more information.
References
Symantec System Center Reporting Server Remote Privilege Escalation Vulnerability
References:
References:
- FileConnect (Symantec)
- Symantec Homepage (Symantec)
- SYM07-012 Symantec Reporting Server elevation of privilege (Symantec)
- SYM07-012 Symantec Reporting Server Elevation of Privilege (Symantec)