Symantec Endpoint Protection Multiple Flaws Let Remote Users Bypass Authentication and Remote Authenticated Users Read/Write Files, Inject SQL Commands, and Gain Elevated Privileges
|
SecurityTracker Alert ID: 1033165 |
SecurityTracker URL: http://securitytracker.com/id/1033165
|
CVE Reference:
CVE-2015-1486, CVE-2015-1487, CVE-2015-1488, CVE-2015-1489, CVE-2015-1490, CVE-2015-1491, CVE-2015-1492, CVE-2015-8113
|
Updated: Nov 12 2015
|
Original Entry Date: Jul 31 2015
|
Impact:
Disclosure of system information, Disclosure of user information, User access via network
|
Fix Available: Yes
|
Vendor Confirmed: Yes
|
Version(s): 12.1.x prior to 12.1-RU6-MP1
|
Description:
Multiple vulnerabilities were reported in Symantec Endpoint Protection. A remote authenticated user can gain elevated privileges. A remote authenticated user can read and write files on the target system. A remote authenticated user can inject SQL commands. A remote user can bypass authentication.
A remote user can exploit a flaw in the Symantec Endpoint Protection Manager (SEPM) management console's password reset function to bypass authentication and obtain an administrative session [CVE-2015-1486].
A remote authenticated user can exploit a filename validation flaw to write arbitrary files on the target system [CVE-2015-1487].
A remote authenticated user can exploit an action handler validation flaw to read arbitrary files on the target system [CVE-2015-1488].
A remote authenticated user can gain full privileges on the target system [CVE-2015-1489].
A remote authenticated user can create a specially crafted install package containing an arbitrary relative path to access files on the target system that are located outside of the install folder [CVE-2015-1490].
The software does not properly validate user-supplied input. A remote authenticated user can supply a specially crafted parameter value to execute arbitrary SQL commands on the underlying database [CVE-2015-1491].
A local user on a SEP client can create a specially crafted DLL file and include it in a client install package to cause arbitrary code to be executed on the target system [CVE-2015-1492].
Markus Wulftange of Code White (http://www.code-white.com) reported these vulnerabilities.
|
Impact:
A remote user can bypass authentication on the target system.
A remote authenticated user can gain elevated privileges on the target system.
A remote authenticated user can read and write files on the target system.
A remote authenticated user can execute SQL commands on the underlying database.
|
Solution:
The vendor has issued a fix (12.1-RU6-MP1).
[Editor's note: On November 9, 2015, the vendor indicated that the original fix for CVE-2015-1492 was incomplete. The incomplete fix has been assigned CVE-2015-8113. The updated fix is 12.1-RU6-MP3.]
The vendor's advisories are available at:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20151109_00
|
Vendor URL: www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00
|
Cause:
Access control error, Authentication error, Input validation error
|
Underlying OS: Windows (Any)