SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Symantec Anti Virus Vendors:   Symantec
Symantec Anti Virus NAVEX15/NAVENG Device Drivers Let Local Users Gain Kernel Level Privileges
SecurityTracker Alert ID:  1016997
SecurityTracker URL:  http://securitytracker.com/id/1016997
CVE Reference:   CVE-2006-4927   (Links to External Site)
Date:  Oct 5 2006
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Symantec Anti Virus in the NAVEX15.SYS and NAVENG.SYS device drivers. A local user can obtain kernel level privileges on the target system.

A local user can send a specially crafted I/O request packet to the IOCTL handler function to cause memory to be overwritten and arbitrary code to be executed on the target system. The code will run with kernel-level privileges.

NAVEX15.SYS and NAVENG.SYS versions prior to 20061.3.0.12 are affected.

Symantec AntiVirus Corporate Edition, Symantec AntiVirus for Blue Coat Security, Symantec AntiVirus for CacheFlow Security Gateway, Symantec AntiVirus for Clearswift MIME Sweeper, Symantec AntiVirus for Inktomi Traffic Edge, Symantec AntiVirus for Microsoft ISA Server, and Symantec AntiVirus for NetApp Filer/NetCache are affected.

The vendor was notified on September 19, 2006.

Ruben Santamarta and iDefense reported this vulnerability.

Impact:   A local user can obtain kernel-level privileges on the target system.
Solution:   The vendor has issued a fix as part of the anti-virus definitions dated October 4, 2006 revision 9 (or later). The vendor has issued fixed versions of the NAVEX15.SYS and NAVENG.SYS drivers (20061.3.0.12 and later) as part of the update.

The Symantec advisory is available at:

http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05a.html

Vendor URL:  securityresponse.symantec.com/avcenter/security/Content/2006.10.05a.html (Links to External Site)
Cause:   Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC