TITLE: Symantec AntiVirus Scan Engine Administrative Interface Buffer Overflow
SECUNIA ADVISORY ID: SA17049 VERIFY ADVISORY: http://secunia.com/advisories/17049/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From local network SOFTWARE: Symantec AntiVirus Scan Engine 4.x http://secunia.com/product/3040/ DESCRIPTION: A vulnerability has been reported in Symantec AntiVirus Scan Engine, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. The vulnerability is caused due to an input validation error in the web-based Administrative Interface when handling a HTTP request. This can be exploited to cause a heap-based buffer overflow via a specially crafted HTTP request that contains a negative value in certain HTTP headers. Successful exploitation allows arbitrary code execution with SYSTEM privileges, but requires the ability to send HTTP requests to port 8004/tcp. The vulnerability has been reported in the following versions: * Symantec AntiVirus Scan Engine (version 4.0 and 4.3). * Symantec AntiVirus Scan Engine for ISA (version 4.0 and 4.3). * Symantec AntiVirus Scan Engine for Netapp Filer (version 4.0). * Symantec AntiVirus Scan Engine for Messaging (version 4.3). * Symantec AntiVirus Scan Engine for Netapp NetCache (version 4.0). * Symantec AntiVirus Scan Engine for Network Attached Storage (version 4.3). * Symantec AntiVirus Scan Engine for Bluecoat (version 4.0). * Symantec AntiVirus Scan Engine for Caching (version 4.3). * Symantec AntiVirus Scan Engine for Microsoft SharePoint (version 4.3). * Symantec AntiVirus Scan Engine for Clearswift (version 4.0 and 4.3). Other products that use the Scan Engine may also affected. SOLUTION: Apply security update. http://securityresponse.symantec.com/avcenter/security/Content/2005.10.04.html#savse4-3-12 ORIGINAL ADVISORY: Symantec: http://securityresponse.symantec.com/avcenter/security/Content/2005.10.04.html iDEFENSE: http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
