TITLE:
Symantec AntiVirus Scan Engine Administrative Interface Buffer
Overflow

SECUNIA ADVISORY ID:
SA17049

VERIFY ADVISORY:
http://secunia.com/advisories/17049/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
>From local network

SOFTWARE:
Symantec AntiVirus Scan Engine 4.x
http://secunia.com/product/3040/

DESCRIPTION:
A vulnerability has been reported in Symantec AntiVirus Scan Engine,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or compromise a vulnerable system.

The vulnerability is caused due to an input validation error in the
web-based Administrative Interface when handling a HTTP request. This
can be exploited to cause a heap-based buffer overflow via a specially
crafted HTTP request that contains a negative value in certain HTTP
headers.

Successful exploitation allows arbitrary code execution with SYSTEM
privileges, but requires the ability to send HTTP requests to port
8004/tcp.

The vulnerability has been reported in the following versions:
* Symantec AntiVirus Scan Engine (version 4.0 and 4.3).
* Symantec AntiVirus Scan Engine for ISA (version 4.0 and 4.3).
* Symantec AntiVirus Scan Engine for Netapp Filer (version 4.0).
* Symantec AntiVirus Scan Engine for Messaging (version 4.3).
* Symantec AntiVirus Scan Engine for Netapp NetCache (version 4.0).
* Symantec AntiVirus Scan Engine for Network Attached Storage
(version 4.3).
* Symantec AntiVirus Scan Engine for Bluecoat (version 4.0).
* Symantec AntiVirus Scan Engine for Caching (version 4.3).
* Symantec AntiVirus Scan Engine for Microsoft SharePoint (version
4.3).
* Symantec AntiVirus Scan Engine for Clearswift  (version 4.0 and
4.3).

Other products that use the Scan Engine may also affected.

SOLUTION:
Apply security update.
http://securityresponse.symantec.com/avcenter/security/Content/2005.10.04.html#savse4-3-12

PROVIDED AND/OR DISCOVERED BY:
Discovered by anonymous person and reported via iDEFENSE.

ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.10.04.html

iDEFENSE:
http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------