SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Symantec Endpoint Protection Vendors:   Symantec
Symantec Endpoint Protection Multiple Flaws Let Remote Users Bypass Authenticated and Remote Authenticated Users Read/Write Files, Inject SQL Commands, and Gain Elevated Privileges
SecurityTracker Alert ID:  1033165
SecurityTracker URL:  http://securitytracker.com/id/1033165
CVE Reference:   CVE-2015-1486, CVE-2015-1487, CVE-2015-1488, CVE-2015-1489, CVE-2015-1490, CVE-2015-1491, CVE-2015-1492, CVE-2015-8113   (Links to External Site)
Updated:  Nov 12 2015
Original Entry Date:  Jul 31 2015
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 12.1.x prior to 12.1-RU6-MP1
Description:   Multiple vulnerabilities were reported in Symantec Endpoint Protection. A remote authenticated user can gain elevated privileges. A remote authenticated user can read and write files on the target system. A remote authenticated user can inject SQL commands. A remote user can bypass authentication.

A remote user can exploit a flaw in the Symantec Endpoint Protection Manager (SEPM) management console's password reset function to bypass authentication and obtain an administrative session [CVE-2015-1486].

A remote authenticated user can exploit a filename validation flaw to write arbitrary files on the target system [CVE-2015-1487].

A remote authenticated user can exploit an action handler validation flaw to read arbitrary files on the target system [CVE-2015-1488].

A remote authenticated user can gain full privileges on the target system [CVE-2015-1489].

A remote authenticated user can create a specifically crafted install package containing an arbitrary relative path to access files on the target system that are located outside of the install folder [CVE-2015-1490].

The software does not properly validate user-supplied input. A remote authenticated user can supply a specially crafted parameter value to execute arbitrary SQL commands on the underlying database [CVE-2015-1491].

A local user on a SEP client can create a specially crafted DLL file and include in in a client install package to cause arbitrary code to be executed on the target system [CVE-2015-1492].

Markus Wulftange of Code White (http://www.code-white.com) reported these vulnerabilities.

Impact:   A remote user can bypass authentication on the target system.

A remote authenticated user can gain elevated privileges on the target system.

A remote authenticated user can read and write files on the target system.

A remote authenticated user can execute SQL commands on the underlying database.

Solution:   The vendor has issued a fix (12.1-RU6-MP1).

[Editor's note: On November 9, 2015, the vendor indicated that the original fix for CVE-2015-1492 was incomplete. The incomplete fix has been assigned CVE-2015-8113. The updated fix is 12.1-RU6-MP3.]

The vendor's advisories are available at:

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20151109_00

Vendor URL:  www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00 (Links to External Site)
Cause:   Access control error, Authentication error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC