SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Symantec Client Security Vendors:   Symantec
Symantec Client Security Bugs in Alert Management System 2 Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1022131
SecurityTracker URL:  http://securitytracker.com/id/1022131
CVE Reference:   CVE-2009-1429, CVE-2009-1430, CVE-2009-1431   (Links to External Site)
Date:  Apr 28 2009
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.0 MR6 and prior; 3.0; 3.1 MR7 and prior versions
Description:   Several vulnerabilities were reported in Symantec Client Security. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted data to the Intel LANDesk Common Base Agent (CBA) on TCP port 12174 to execute arbitrary code on the target system [CVE-2009-1429]. The code will run with System privileges.

A remote user can send specially crafted data to the Intel Alert Originator Service (IAO.EXE) to trigger a stack overflow and execute arbitrary code on the target system [CVE-2009-1430]. The code will run with System privileges.

A remote user can send specially crafted data to the Intel Alert Originator Service (IAO.EXE) to trigger a separate stack overflow and execute arbitrary code on the target system [CVE-2009-1430]. The code will run with System privileges.

A remote user can create specially crafted code on a fileshare or WebDav server and then send the UNC path of the file to the Intel File Transfer service (XFR.EXE) on the target system to execute arbitrary code on the target system [CVE-2009-1431]. The code will run with System privileges.

Sebastian Apelt and Tenable Network Securutiy reported some of these vulnerabilities via Zero Day Initiative; an anonymous researcher reported one vulnerability via iDefense.

Symantec Endpoint Protection is also affected.

Impact:   A remote user can execute arbitrary code on the target system with System level privileges.
Solution:   The vendor has issued a fix (2.0 MR7, 3.1 MR8).

The vendor's advisory is available at:

http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02

Vendor URL:  www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02 (Links to External Site)
Cause:   Access control error, Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC