Message-ID: <20070605192737.7530.qmail@securityfocus.com>
Date: 5 Jun 2007 19:27:37 -0000
From: secure@...antec.com
To: bugtraq@...urityfocus.com
Subject: SYM07-012 Symantec Reporting Server elevation of privilege

SYM07-012 Symantec Reporting Server Elevation of Privilege

June 5, 2007 

Risk Impact
Medium     

Remote Access: Yes
Local Access: Yes
Authentication Required: No
Exploit available:  No

Overview
Files created by a Reporting Server may be accessible to an unauthorized user.    

Affected Products 
Reporting 1.0.197.0, up to the solution SAV 10.1 MR6 build 6000 (10.1.6.6000) or later

Solution
Reporting 1.0.224.0 or later

Reporting is not available as a stand-alone application, but is distributed with Symantec AntiVirus and Symantec Client Security. Reporting 1.0.224.0 or later is available with the following products:
SAV 10.1 MR6 build 6000 (10.1.6.6000) or later
SCS 3.1 MR6 build 6000 (3.1.6.6000) or later


Details

Symantec Reporting Server is an optional web application within the Symantec System Center console that can be used to create reports about Symantec Client Security and Symantec AntiVirus products in an enterprise network.

Symantec was notified that a file created in the process of exporting data from Reporting Server could potentially be manipulated by an unauthorized user to create a malicious executable file. An attacker could then execute the file, potentially gaining access to the server in the context of the web server user.

Symantec Response

Symantec engineers verified that the issue exists in Reporting Server included with the product versions listed above. The error occurred due to the improper initialization of a variable, and updates have been released to correct the problem.
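The advisory describes a file created during export with permissions that let an unauthorized user alter it, traced to an uninitialised variable (presumably the security attributes passed at file creation). The following is an added illustration, not Symantec's code and not derived from Reporting Server: it contrasts the weak creation pattern (inherit whatever the process umask leaves, overwrite whatever is already at the path) with a hardened one (exclusive create, refuse symlinks, explicit owner-only mode), and adds a small audit over an export directory that flags files writable by anyone other than the owner. It assumes a POSIX permission model for portability; on Windows the equivalent control is the DACL supplied at CreateFile time.

```python
import os
import shutil
import stat
import tempfile


def write_export_insecure(path: str, data: bytes) -> int:
    """Weak pattern: the export is created with whatever mode the process
    umask leaves, and an existing file or symlink at the path is silently
    followed and overwritten. Returns the resulting permission bits."""
    with open(path, "wb") as fh:
        fh.write(data)
    return stat.S_IMODE(os.stat(path).st_mode)


def write_export_secure(path: str, data: bytes) -> int:
    """Hardened pattern: O_EXCL makes creation fail if anything already
    exists at the path (nothing pre-placed by another user is reused),
    O_NOFOLLOW refuses a symlink, and mode 0o600 restricts the file to the
    server's own account regardless of umask. Returns the permission bits."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    try:
        if hasattr(os, "fchmod"):
            os.fchmod(fd, 0o600)  # be explicit; do not rely on the umask
        os.write(fd, data)
    finally:
        os.close(fd)
    return stat.S_IMODE(os.stat(path).st_mode)


def audit_export_dir(directory: str) -> list:
    """Return (name, mode) for regular files that group or others may write to;
    these are the files an unauthorized local user could replace."""
    flagged = []
    for name in sorted(os.listdir(directory)):
        full = os.path.join(directory, name)
        st = os.lstat(full)
        if not stat.S_ISREG(st.st_mode):
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            flagged.append((name, oct(mode)))
    return flagged


def demo():
    """Constructed scenario: a permissive umask (0) so the weak pattern's
    defect is visible. Returns (weak_mode, secure_mode, refused, flagged)."""
    d = tempfile.mkdtemp(prefix="reporting-export-")
    old_umask = os.umask(0o000)
    try:
        weak = write_export_insecure(os.path.join(d, "weak.csv"), b"report,data\n")
        strong = write_export_secure(os.path.join(d, "strong.csv"), b"report,data\n")
        try:
            # Second attempt at the same path must fail rather than reuse it.
            write_export_secure(os.path.join(d, "strong.csv"), b"again\n")
            refused = False
        except FileExistsError:
            refused = True
        flagged = audit_export_dir(d)
    finally:
        os.umask(old_umask)
        shutil.rmtree(d, ignore_errors=True)
    return weak, strong, refused, flagged


if __name__ == "__main__":
    weak, strong, refused, flagged = demo()
    print("weak file mode:", oct(weak))
    print("secure file mode:", oct(strong))
    print("exclusive create refused existing path:", refused)
    print("files writable by non-owners:", flagged)
```

The audit function is the part worth running against a real export directory: it is the check behind the advisory's advice to delete exported files that are no longer needed, since any such file that others can write to is a candidate for replacement.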

This vulnerability affects only systems on which the Reporting Server program is installed. Individual client systems are not affected.

Symantec is not aware of any customers impacted by this issue, or of any attempts to exploit the issue. However, we recommend that customers update Reporting Server immediately to protect against possible attempts to exploit this issue.


Mitigation and best practices

- Uninstall Reporting Server if it is not being used.
- Symantec Client Security Console (SCS Console) and the Reporting Server interface should be restricted to trusted access only.
- Ensure that the SCS Console and Reporting Server interface are never visible external to the network. This greatly reduces opportunities for unauthorized remote access.
- User accounts for Reporting Server should be unique, and different from the user's network login account.
- Delete exported data files which are no longer needed.


Credit
Symantec would like to thank Ertunga Arsal of Tech Data GmbH & Co. OHG for reporting this issue, and coordinating with us on the response.

CVE
This issue is a candidate for inclusion in the Common Vulnerabilities and Exposures (CVE) list (http://cve.mitre.org), which standardizes names for security problems. The CVE initiative has assigned CVE-2007-3021 to this issue.



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Symantec Product Security Team

________________________________________
Symantec takes the security and proper functionality of its products very seriously. As founding members of the Organization for Internet Safety (OISafety), Symantec follows the principles of responsible disclosure. Symantec also subscribes to the vulnerability guidelines outlined by the National Infrastructure Advisory Council (NIAC). Please contact secure@...antec.com if you feel you have discovered a potential or actual security issue with a Symantec product.
________________________________________
Copyright (c) 2007 by Symantec Corp.

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)

iQEVAwUBRmW5bf9Lqygkbb6BAQjVQQf7BjFMagCcjl+kkYiEEcphatUuDi1sDZ+h
r2eRvO+8RbCzNoGWuBFiK9ExIhhQNRTDCkvceDcFFOBtKVv7wg/LGw935O8P7+PK
lsdT+UEdCFqyUu+mteYARW4uQ9b17luDoxU2cEa6iZ9qS/6uzLEAkNQXo0Tm2PlT
elYjlv5m13FSbAd+KfRh94XRguxrKZ/i8KxzsS8E0RvmADW+mjYbNv1rRT5C3AGr
Kl7f3c07U4+DfISxDcAVjZwgK6lA42qLih8M2iC4P2bQJ1Ml3Uukxnt1EOLFBNo2
5UXMaAZ7lSK7l+ZIg1q57h5tsXOp9FQQaN7rSk2ObEvGoGheK3wiww==
=CXAH
-----END PGP SIGNATURE-----