[ISN] Symantec Patches 'High-Risk' Bug

From: InfoSec News (alerts@private)
Date: Wed Apr 11 2007 - 01:07:28 PDT


http://www.informationweek.com/news/showArticle.jhtml?articleID=198900584

By Sharon Gaudin
InformationWeek
April 10, 2007 

Symantec on Tuesday patched a vulnerability in its Enterprise Security 
Manager tool that could enable a hacker to remotely control an infected 
computer.

The security vendor is warning users to update their software as soon as 
possible, saying this is a "high-risk" bug. All versions of ESM are 
vulnerable, except version 6.5.3, which includes the fixes and is not 
vulnerable.

A spokesman for Symantec said in an interview that the company isn't 
aware of any proof-of-concept code or exploits for this vulnerability.

The ESM tool is designed to discover and report vulnerabilities and 
security policy deviations, such as inappropriate passwords and missing 
patches.

The flaw lies in the fact that the tool does not authenticate someone 
who's making an upgrade request. That means a hacker could use the flaw 
to infect the system with malware.

"The vulnerability exists in the ESM agent remote upgrade interface," 
Symantec explained in an online advisory. "The ESM agent accepts remote 
upgrade requests from any entity that understands the upgrade protocol. 
The ESM agent does not currently verify that upgrades are from a trusted 
source. An attacker with knowledge of the agent protocol could deploy a 
piece of software that allows the attacker to control the host 
computer."

The ESM agent has administrative privileges.

The patch will be pushed out to users automatically, or they can 
manually install it, Symantec said.


__________________________
Subscribe to InfoSec News
http://www.infosecnews.org



This archive was generated by hypermail 2.1.3 : Wed Apr 11 2007 - 01:24:16 PDT