SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Symantec Endpoint Protection Vendors:   Symantec
Symantec Endpoint Protection Bugs in Alert Management System 2 Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1022132
SecurityTracker URL:  http://securitytracker.com/id/1022132
CVE Reference:   CVE-2009-1429, CVE-2009-1430, CVE-2009-1431   (Links to External Site)
Date:  Apr 28 2009
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 11.0 MR2 and prior versions
Description:   Several vulnerabilities were reported in Symantec Endpoint Protection in the Alert Management System 2 component. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted data to the Intel LANDesk Common Base Agent (CBA) on TCP port 12174 to execute arbitrary code on the target system [CVE-2009-1429]. The code will run with System privileges.

A remote user can send specially crafted data to the Intel Alert Originator Service (IAO.EXE) to trigger a stack overflow and execute arbitrary code on the target system [CVE-2009-1430]. The code will run with System privileges.

A remote user can send specially crafted data to the Intel Alert Originator Service (IAO.EXE) to trigger a separate stack overflow and execute arbitrary code on the target system [CVE-2009-1430]. The code will run with System privileges.

A remote user can create specially crafted code on a fileshare or WebDav server and then send the UNC path of the file to the Intel File Transfer service (XFR.EXE) on the target system to execute arbitrary code on the target system [CVE-2009-1431]. The code will run with System privileges.

Sebastian Apelt and Tenable Network Securutiy reported some of these vulnerabilities via Zero Day Initiative; an anonymous researcher reported one vulnerability via iDefense.

Impact:   A remote user can execute arbitrary code with System level privileges on the target system.
Solution:   The vendor has issued a fix (11.0 MR3).

The vendor's advisory is available at:

http://www.symantec.com/business/security_response/securityupdates/ detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02

Vendor URL:  www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02 (Links to External Site)
Cause:   Access control error, Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC