List: bugtraq
Subject: TELUS Security Labs VR - Symantec Alert Management System
From: noreply () telus ! com
Date: 2011-01-28 19:25:00
Message-ID: 201101281925.p0SJP0AH009877 () www3 ! securityfocus ! com
Symantec Alert Management System HNDLRSVC Arbitrary Command Execution
TSL ID: FSC20100727-01
1. Affected Software
Symantec Antivirus Corporate Edition 10.1.8.8000 and possibly prior
Symantec System Center 10.1.8.8000 and possibly prior
Reference: http://www.symantec.com/business/antivirus-corporate-edition
2. Vulnerability Summary
An arbitrary program execution vulnerability exists in the Symantec Alert Management System (AMS) service shipped with multiple Symantec products. The vulnerability could be exploited by remote unauthenticated attackers to execute arbitrary code with SYSTEM privileges.
3. Vulnerability Analysis
The Alert Management System (AMS) component of Symantec Antivirus Corporate Edition installs an alert handler service, HNDLRSVC, that listens for commands from the AMS server. This service does not perform proper authentication checks before executing such commands. Remote unauthenticated attackers could exploit this vulnerability by sending a crafted packet via the MSGSYS.EXE service on port 38292/TCP. The Run Program command would allow executing arbitrary programs from a remote SMB share with SYSTEM privileges on the vulnerable system.
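The two network facts in the analysis above, a handler port (38292/TCP) that should only ever be reached by the AMS server, and a Run Program command whose payload comes from a remote SMB share, give a defender a straightforward detection. The following is an added example, not part of the TELUS advisory or of any Symantec product; it assumes flow records in a constructed "timestamp src sport dst dport proto" format and that the AMS server addresses and internal file servers are known. It flags handler-port traffic from any other source and raises the severity when the same endpoint then opens SMB to a non-file-server peer within a short window:

```python
# Added example (not part of the TELUS advisory): a small detector for the
# traffic pattern described above. Assumptions: flow records are
# "timestamp src sport dst dport proto" lines, the AMS server addresses and
# internal file servers are known, and the sample data below is constructed.
from collections import defaultdict
from datetime import datetime, timedelta

AMS_PORT = 38292   # port the advisory names for the MSGSYS.EXE listener
SMB_PORT = 445     # the Run Program command points at a remote SMB share

# Constructed sample flow log. Line 2 is a non-AMS host reaching the handler
# port; line 3 is that endpoint fetching something over SMB from the same
# host two seconds later. Line 1 is the real AMS server, line 4 is normal SMB.
SAMPLE_FLOWS = """\
2011-01-27T10:00:01 10.0.5.10 51000 10.0.7.21 38292 tcp
2011-01-27T10:02:13 192.0.2.77 44123 10.0.7.21 38292 tcp
2011-01-27T10:02:15 10.0.7.21 49211 192.0.2.77 445 tcp
2011-01-27T10:05:00 10.0.7.22 49300 10.0.5.50 445 tcp
"""


def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts, skipping blanks/comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, sport, dst, dport, proto = line.split()
        flows.append({
            "ts": datetime.fromisoformat(ts),
            "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport),
            "proto": proto.lower(),
        })
    return flows


def detect(flows, ams_servers, smb_servers, window=timedelta(seconds=60)):
    """Return alerts for (a) handler-port traffic from a host that is not an
    AMS server and (b) outbound SMB to a non-file-server peer shortly after (a)."""
    alerts = []
    # endpoint -> list of (timestamp, unexpected peer) for recent 38292 hits
    unexpected = defaultdict(list)
    for f in sorted(flows, key=lambda f: f["ts"]):
        if f["proto"] != "tcp":
            continue
        if f["dport"] == AMS_PORT and f["src"] not in ams_servers:
            unexpected[f["dst"]].append((f["ts"], f["src"]))
            alerts.append({
                "severity": "medium",
                "host": f["dst"],
                "peer": f["src"],
                "reason": "AMS handler port reached from a non-AMS-server address",
            })
        elif f["dport"] == SMB_PORT and f["dst"] not in smb_servers:
            recent = [src for ts, src in unexpected.get(f["src"], [])
                      if f["ts"] - ts <= window]
            if recent:
                alerts.append({
                    "severity": "high",
                    "host": f["src"],
                    "peer": f["dst"],
                    "reason": "outbound SMB to a non-file-server within %ds of "
                              "unexpected AMS traffic from %s"
                              % (window.total_seconds(), ", ".join(recent)),
                })
    return alerts


if __name__ == "__main__":
    for a in detect(parse_flows(SAMPLE_FLOWS), {"10.0.5.10"}, {"10.0.5.50"}):
        print(a["severity"].upper(), a["host"], "<->", a["peer"], ":", a["reason"])
```

Run against the constructed sample this yields one medium alert (the handler port reached from 192.0.2.77) and one high alert (10.0.7.21 opening SMB to that same peer two seconds later). A block or allowlist rule for 38292/TCP at the host firewall, permitting only the AMS server, removes the first condition entirely and is the simplest interim control where the AMS service cannot yet be disabled.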
4. Vulnerability Detection
TELUS Security Labs has confirmed the vulnerability in:
Symantec Antivirus Corporate Edition 10.1.8.8000
Symantec System Center 10.1.8.8000
5. Workaround
Disable the AMS service, or update to the Symantec Antivirus 11.x series, which does not include the vulnerable AMS component.
6. Vendor Response
Patches have been made available by the vendor to eliminate this vulnerability:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00
7. Disclosure Timeline
2009-07-31 Reported to the vendor
2009-08-03 Vendor response
2011-01-26 Coordinated public disclosure
8. Credits
Junaid Bohio of Vulnerability Research Team, TELUS Security Labs
9. References
CVE: CVE-2010-0110
Vendor: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00
http://telussecuritylabs.com/threats/show/FSC20100727-01
10. About TELUS Security Labs
TELUS Security Labs, formerly Assurent Secure Technologies, is the leading provider of security research. Our research services include:
* Vulnerability Research
* Malware Research
* Signature Development
* Shellcode Exploit Development
* Application Protocols
* Product Security Testing
* Security Content Development (parsers, reports, alerts)
TELUS Security Labs provides a specialized portfolio of services to assist security product vendors with newly discovered commercial product vulnerabilities and malware attacks. Many of our services are provided on a subscription basis to reduce research costs for our customers. Over 50 of the world's leading security product vendors rely on TELUS Security Labs research.
http://telussecuritylabs.com