[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [FD] Symantec Endpoint Protection
From: Brandon Perry <bperry.volatile () gmail ! com>
Date: 2015-08-01 15:20:28
Message-ID: E8ACABC0-880E-4F63-94AB-67A245CCA77C () gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
Do you have example requests for the SQL injections?
> On Jul 31, 2015, at 7:40 AM, Markus Wulftange <markus.wulftange@code-white.com> wrote:
>
> Code White found several vulnerabilities in Symantec Endpoint Protection
> (SEP), affecting versions 12.1 prior to 12.1 RU6 MP1.
>
> SEP Manager (SEPM):
>
> * CVE-2015-1486: Authentication Bypass
> * CVE-2015-1487: Arbitrary File Write
> * CVE-2015-1488: Arbitrary File Read
> * CVE-2015-1489: Privilege Escalation
> * CVE-2015-1490: Path Traversal
> * CVE-2015-1491: SQL Injection
>
> SEP clients:
>
> * CVE-2015-1492: Binary Planting
>
> Official Symantec advisory SYM15-007:
>
> https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00
>
>
> An exploitation of these vulnerabilities effectively allow an
> unauthenticated remote attacker the full compromise of both the SEPM
> server as well as SEP clients running Windows. This can result in a full
> compromise of an enterprise Windows domain.
>
> Symantec provided the update 12.1 RU6 MP1 to address the issues.
>
>
> For a full disclosure of some of the vulnerabilities, see:
>
> http://codewhitesec.blogspot.com/2015/07/symantec-endpoint-protection.html
>
>
> --
> Markus Wulftange
> Senior Penetration Tester
>
> Code White GmbH
> Magirus-Deutz-Straße 18
> 89077 Ulm
>
> E-Mail markus.wulftange@code-white.com
> PGP C6D6 C18B BAB9 0089 6942 213D 7772 8552 E9F8 6F39
>
> http://www.code-white.com
>
> Code White GmbH
> Sitz und Registergericht/Domicile and Register Court: Stuttgart,
> HRB-Nr./Commercial Register No.: 749152
> Geschäftsführung/Management: Dr. Helmut Mahler, Andreas Melzner, Lüder
> Sachse
>
> _______________________________________________
> Sent through the Full Disclosure mailing list
> https://nmap.org/mailman/listinfo/fulldisclosure
> Web Archives & RSS: http://seclists.org/fulldisclosure/
["signature.asc" (signature.asc)]
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJVvOO9AAoJEKJq8VjVbt2p7xoP/jRhaCQ4kCE3TuHLkJ+tkqL3
bBN659tBmVOSWaDvrjMKfRxxIG2+7lT1uFvzGm4Fk6HMBCWM6/NLPi0UageWTWKM
ZxcwBR3nFoJfmQ09zT93eeePFQn5sKrYQVH75mhUvvIq6cQV5xYOIg4lG5NMG4OZ
GHH8fv/Rt0/amkVT6XM9sUKnQpRkkt9WmcPT9go8SksLX/LDAYqllCOy09PloMgy
FsbzKgMx1at/4IZo7J0Pc1jy0ejLfJDvJUM4G07o5aiEZrLN3syhPu6oG26yoXs2
YbASmTUCs4JTPgn/zRPybykc0xU5kXBIHgRzMYAQ0qiRWHkHLq/qoU2qe+2qUJpL
npIRmpRxx+kYQ/49sHtpXnnGoutWZU20TUzVksub4yATQFr1AQCEaTnr9jENf9G/
ud/OOwZX8ykCMiyt0fBtm2q2U/bcEET6SKIaio9zmE5sLsA1nHDSchpdD94lmQBq
pY4XHtPiqpGSRAE0Pri9FH4JsOXieOqhVq7BkrlDA5UcxXQV4s2fgLX7ddbmKJm/
jHOqHB2hJvV5C2W/uCILWNmVeARXwYpDyDzw1hkIpLYrz5nrvtqgu3zJo1QScSWl
1m0Fz9vNWLpnaUCXWpItahWDtomh8PqOQnch5Giss1NANtlnykMucFCgPwjTF5LC
7G/zYWgr7xfBP7IrUYdJ
=2TkD
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic