TITLE: Symantec AntiVirus Scan Engine Administrative Interface Buffer Overflow SECUNIA ADVISORY ID: SA17049 VERIFY ADVISORY: http://secunia.com/advisories/17049/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From local network SOFTWARE: Symantec AntiVirus Scan Engine 4.x http://secunia.com/product/3040/ DESCRIPTION: A vulnerability has been reported in Symantec AntiVirus Scan Engine, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. The vulnerability is caused due to an input validation error in the web-based Administrative Interface when handling a HTTP request. This can be exploited to cause a heap-based buffer overflow via a specially crafted HTTP request that contains a negative value in certain HTTP headers. Successful exploitation allows arbitrary code execution with SYSTEM privileges, but requires the ability to send HTTP requests to port 8004/tcp. The vulnerability has been reported in the following versions: * Symantec AntiVirus Scan Engine (version 4.0 and 4.3). * Symantec AntiVirus Scan Engine for ISA (version 4.0 and 4.3). * Symantec AntiVirus Scan Engine for Netapp Filer (version 4.0). * Symantec AntiVirus Scan Engine for Messaging (version 4.3). * Symantec AntiVirus Scan Engine for Netapp NetCache (version 4.0). * Symantec AntiVirus Scan Engine for Network Attached Storage (version 4.3). * Symantec AntiVirus Scan Engine for Bluecoat (version 4.0). * Symantec AntiVirus Scan Engine for Caching (version 4.3). * Symantec AntiVirus Scan Engine for Microsoft SharePoint (version 4.3). * Symantec AntiVirus Scan Engine for Clearswift (version 4.0 and 4.3). Other products that use the Scan Engine may also affected. SOLUTION: Apply security update. http://securityresponse.symantec.com/avcenter/security/Content/2005.10.04.html#savse4-3-12 PROVIDED AND/OR DISCOVERED BY: Discovered by anonymous person and reported via iDEFENSE. ORIGINAL ADVISORY: Symantec: http://securityresponse.symantec.com/avcenter/security/Content/2005.10.04.html iDEFENSE: http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------