SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Security)  >   Symantec Client Security Vendors:   Symantec
Symantec Client Security Bugs in Alert Management System 2 Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1022131
SecurityTracker URL:  http://securitytracker.com/id/1022131
CVE Reference:   CVE-2009-1429, CVE-2009-1430, CVE-2009-1431   (Links to External Site)
Date:  Apr 28 2009
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.0 MR6 and prior; 3.0; 3.1 MR7 and prior versions
Description:   Several vulnerabilities were reported in Symantec Client Security. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted data to the Intel LANDesk Common Base Agent (CBA) on TCP port 12174 to execute arbitrary code on the target system [CVE-2009-1429]. The code will run with System privileges.

A remote user can send specially crafted data to the Intel Alert Originator Service (IAO.EXE) to trigger a stack overflow and execute arbitrary code on the target system [CVE-2009-1430]. The code will run with System privileges.

A remote user can send specially crafted data to the Intel Alert Originator Service (IAO.EXE) to trigger a separate stack overflow and execute arbitrary code on the target system [CVE-2009-1430]. The code will run with System privileges.

A remote user can create specially crafted code on a fileshare or WebDav server and then send the UNC path of the file to the Intel File Transfer service (XFR.EXE) on the target system to execute arbitrary code on the target system [CVE-2009-1431]. The code will run with System privileges.

Sebastian Apelt and Tenable Network Securutiy reported some of these vulnerabilities via Zero Day Initiative; an anonymous researcher reported one vulnerability via iDefense.

Symantec Endpoint Protection is also affected.
Impact:   A remote user can execute arbitrary code on the target system with System level privileges.
Solution:   The vendor has issued a fix (2.0 MR7, 3.1 MR8).

The vendor's advisory is available at:

http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02

Vendor URL:  www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02 (Links to External Site)
Cause:   Access control error, Boundary error
Underlying OS:   Windows (Any)

Message History:   None.

 Source Message Contents
Date:  Tue, 28 Apr 2009 17:39:09 -0400
Subject:  Security Advisories Relating to Symantec Products - Symantec Alert Management System 2 multiple vulnerabilities


http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02

Intel Common Base Agent Remote Command Execution Vulnerability
CVE CVE-2009-1429
BID 34671


Intel Alert Originator Service Stack Overflow Vulnerability
CVE CVE-2009-1430
BID 34672


Intel Alert Originator Service Buffer Overflow Vulnerabilities
CVE CVE-2009-1430
BID 34674


Alert Management System Console Arbitrary Program Execution Design Error Vulnerability
CVE CVE-2009-1431
BID 34675


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC