SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Symantec Scan Engine Vendors:   Symantec
Symantec Scan Engine Lets Remote Users Access the System and Download Files
SecurityTracker Alert ID:  1015974
SecurityTracker URL:  http://securitytracker.com/id/1015974
CVE Reference:   CVE-2006-0230, CVE-2006-0231, CVE-2006-0232   (Links to External Site)
Updated:  Apr 21 2006
Original Entry Date:  Apr 21 2006
Impact:   Disclosure of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.0
Description:   Several vulnerabilities were reported in Symantec Scan Engine. A remote user can access the scan engine, download certain files, and conduct man-in-the-middle attacks.

The Symantec Scan Engine does not properly authenticate web-based user logins. A remote user can bypass authentication to gain control the Scan Engine server.

The Symantec Scan Engine uses a static private DSA key for SSL communications which can be extracted, allowing a remote user to conduct man-in-the-middle attacks.

A remote user can send a specially crafted HTTP request to access arbitrary files located under the Symantec Scan Engine installation directory. This includes the configuration file, the scanning logs, and the current virus definitions.

The vendor credits Rapid7 with reporting these vulnerabilities.

[Editor's note: The scan engine is a gateway-level product that is used in third party applications to interface with Symantec content scanning technologies.]

Impact:   A remote user can access and gain control of the scan engine

A remote user can download certain files from the target system.

A remote user can conduct man-in-the-middle attacks.

Solution:   The vendor has issued a fixed version (5.1).

The Symantec advisory is available at:

http://securityresponse.symantec.com/avcenter/security/Content/2006.04.21.html

Vendor URL:  securityresponse.symantec.com/avcenter/security/Content/2006.04.21.html (Links to External Site)
Cause:   Access control error, Authentication error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC