Symantec Endpoint Protection Multiple Flaws Let Remote Users Bypass Authenticated and Remote Authenticated Users Read/Write Files, Inject SQL Commands, and Gain Elevated Privileges - SecurityTracker

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Category: Application (Security) > Symantec Endpoint Protection

Vendors: Symantec

Symantec Endpoint Protection Multiple Flaws Let Remote Users Bypass Authenticated and Remote Authenticated Users Read/Write Files, Inject SQL Commands, and Gain Elevated Privileges

SecurityTracker Alert ID: 1033165

SecurityTracker URL: http://securitytracker.com/id/1033165

CVE Reference: CVE-2015-1486, CVE-2015-1487, CVE-2015-1488, CVE-2015-1489, CVE-2015-1490, CVE-2015-1491, CVE-2015-1492, CVE-2015-8113 (Links to External Site)

Updated: Nov 12 2015

Original Entry Date: Jul 31 2015

Impact: Disclosure of system information, Disclosure of user information, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 12.1.x prior to 12.1-RU6-MP1

Description: Multiple vulnerabilities were reported in Symantec Endpoint Protection. A remote authenticated user can gain elevated privileges. A remote authenticated user can read and write files on the target system. A remote authenticated user can inject SQL commands. A remote user can bypass authentication.

A remote user can exploit a flaw in the Symantec Endpoint Protection Manager (SEPM) management console's password reset function to bypass authentication and obtain an administrative session [CVE-2015-1486].

A remote authenticated user can exploit a filename validation flaw to write arbitrary files on the target system [CVE-2015-1487].

A remote authenticated user can exploit an action handler validation flaw to read arbitrary files on the target system [CVE-2015-1488].

A remote authenticated user can gain full privileges on the target system [CVE-2015-1489].

A remote authenticated user can create a specifically crafted install package containing an arbitrary relative path to access files on the target system that are located outside of the install folder [CVE-2015-1490].

The software does not properly validate user-supplied input. A remote authenticated user can supply a specially crafted parameter value to execute arbitrary SQL commands on the underlying database [CVE-2015-1491].

A local user on a SEP client can create a specially crafted DLL file and include in in a client install package to cause arbitrary code to be executed on the target system [CVE-2015-1492].

Markus Wulftange of Code White (http://www.code-white.com) reported these vulnerabilities.

Impact: A remote user can bypass authentication on the target system.

A remote authenticated user can gain elevated privileges on the target system.

A remote authenticated user can read and write files on the target system.

A remote authenticated user can execute SQL commands on the underlying database.

Solution: The vendor has issued a fix (12.1-RU6-MP1).

[Editor's note: On November 9, 2015, the vendor indicated that the original fix for CVE-2015-1492 was incomplete. The incomplete fix has been assigned CVE-2015-8113. The updated fix is 12.1-RU6-MP3.]

The vendor's advisories are available at:

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20151109_00

Vendor URL: www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00 (Links to External Site)

Cause: Access control error, Authentication error, Input validation error

Underlying OS: Windows (Any)

Message History: None.

Source Message Contents


[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2020, SecurityGlobal.net LLC