Symantec Web Gateway RAR Decompression Bugs Let Remote Users Cause Denial of Service Conditions on the Target Application
SecurityTracker Alert ID: 1036849
SecurityTracker URL: http://securitytracker.com/id/1036849
CVE Reference: CVE-2016-5309, CVE-2016-5310
Date: Sep 20 2016
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Description:
Two vulnerabilities were reported in Symantec Web Gateway. A remote user can cause denial of service conditions on the target application.
A remote user can create a specially crafted RAR file that, when processed by the target application, will trigger an out-of-bounds memory read error and cause denial of service conditions on the target application [CVE-2016-5309].
A remote user can create a specially crafted RAR file that, when processed by the target application, will trigger a memory corruption error and cause denial of service conditions on the target application [CVE-2016-5310].
Tavis Ormandy of Google Project Zero reported these vulnerabilities.
Impact:
A remote user can cause denial of service conditions on the target application.
Solution:
The vendor has issued a fix, available automatically via LiveUpdate.
The vendor advisory is available at:
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160919_00
Vendor URL: www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160919_00
Cause:
Access control error
Message History:
None.