Secunia Security Advisory - A vulnerability has been reported in Symantec AntiVirus Scan Engine, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
332e8d805c138c0ee7173be094094cf22ff949875d44164c82d8f350268f6b27
TITLE:
Symantec AntiVirus Scan Engine Administrative Interface Buffer
Overflow
SECUNIA ADVISORY ID:
SA17049
VERIFY ADVISORY:
http://secunia.com/advisories/17049/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
>From local network
SOFTWARE:
Symantec AntiVirus Scan Engine 4.x
http://secunia.com/product/3040/
DESCRIPTION:
A vulnerability has been reported in Symantec AntiVirus Scan Engine,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or compromise a vulnerable system.
The vulnerability is caused due to an input validation error in the
web-based Administrative Interface when handling a HTTP request. This
can be exploited to cause a heap-based buffer overflow via a specially
crafted HTTP request that contains a negative value in certain HTTP
headers.
Successful exploitation allows arbitrary code execution with SYSTEM
privileges, but requires the ability to send HTTP requests to port
8004/tcp.
The vulnerability has been reported in the following versions:
* Symantec AntiVirus Scan Engine (version 4.0 and 4.3).
* Symantec AntiVirus Scan Engine for ISA (version 4.0 and 4.3).
* Symantec AntiVirus Scan Engine for Netapp Filer (version 4.0).
* Symantec AntiVirus Scan Engine for Messaging (version 4.3).
* Symantec AntiVirus Scan Engine for Netapp NetCache (version 4.0).
* Symantec AntiVirus Scan Engine for Network Attached Storage
(version 4.3).
* Symantec AntiVirus Scan Engine for Bluecoat (version 4.0).
* Symantec AntiVirus Scan Engine for Caching (version 4.3).
* Symantec AntiVirus Scan Engine for Microsoft SharePoint (version
4.3).
* Symantec AntiVirus Scan Engine for Clearswift (version 4.0 and
4.3).
Other products that use the Scan Engine may also affected.
SOLUTION:
Apply security update.
http://securityresponse.symantec.com/avcenter/security/Content/2005.10.04.html#savse4-3-12
PROVIDED AND/OR DISCOVERED BY:
Discovered by anonymous person and reported via iDEFENSE.
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.10.04.html
iDEFENSE:
http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------