SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Symantec Anti Virus Vendors:   Symantec
Symantec Anti Virus Corporate Edition Bugs in Alert Management System 2 Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1022130
SecurityTracker URL:  http://securitytracker.com/id/1022130
CVE Reference:   CVE-2009-1429, CVE-2009-1430, CVE-2009-1431   (Links to External Site)
Date:  Apr 28 2009
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.0 MR6 and prior, 10.0, 10.1 MR7 and prior, and 10.2 MR1 and prior
Description:   Several vulnerabilities were reported in Symantec Anti Virus Corporate Edition in the Alert Management System 2 component. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted data to the Intel LANDesk Common Base Agent (CBA) on TCP port 12174 to execute arbitrary code on the target system [CVE-2009-1429]. The code will run with System privileges.

A remote user can send specially crafted data to the Intel Alert Originator Service (IAO.EXE) to trigger a stack overflow and execute arbitrary code on the target system [CVE-2009-1430]. The code will run with System privileges.

A remote user can send specially crafted data to the Intel Alert Originator Service (IAO.EXE) to trigger a separate stack overflow and execute arbitrary code on the target system [CVE-2009-1430]. The code will run with System privileges.

A remote user can create specially crafted code on a fileshare or WebDav server and then send the UNC path of the file to the Intel File Transfer service (XFR.EXE) on the target system to execute arbitrary code on the target system [CVE-2009-1431]. The code will run with System privileges.

Sebastian Apelt and Tenable Network Securutiy reported some of these vulnerabilities via Zero Day Initiative; an anonymous researcher reported one vulnerability via iDefense.

Impact:   A remote user can execute arbitrary code on the target system with System level privileges.
Solution:   The vendor has issued a fix (9.0 MR7, 10.1 MR8, 10.2 MR2).

The vendor's advisory is available at:

http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02

Vendor URL:  www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02 (Links to External Site)
Cause:   Access control error, Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC