SecurityTracker.com
Category:   Application (Security)  >   Symantec Enterprise Security Manager
Vendors:   Symantec
Symantec Enterprise Security Manager Upgrade Interface Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1017881
SecurityTracker URL:  http://securitytracker.com/id/1017881
CVE Reference:   CVE-2007-2375
Updated:  May 16 2008
Original Entry Date:  Apr 6 2007
Impact:   Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 5.5, 6.0, 6.5.x
Description:   A vulnerability was reported in Symantec Enterprise Security Manager (ESM). A remote user can execute arbitrary code on the target system.

The ESM remote upgrade interface does not require authentication. A remote user can connect to the target ESM agent or manager to upload arbitrary code to the target system. The ESM agent will then execute the code with administrative privileges.

The NetWare, OS/400, and OpenVMS agents are not affected.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has issued a fix, available at:

http://securityresponse.symantec.com/avcenter/security/Content/2007.04.05b.html

The Symantec advisory is available at:

http://securityresponse.symantec.com/avcenter/security/Content/2007.04.05d.html

Vendor URL:  securityresponse.symantec.com/avcenter/security/Content/2007.04.05d.html
Cause:   Authentication error
Underlying OS:  Linux (Red Hat Enterprise), Linux (Red Hat Linux), Linux (SuSE), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000), Windows (2003), Windows (XP)

Message History:   None.


Copyright 2021, SecurityGlobal.net LLC