Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Security Information on Website

Published: 2006-04-22
Last Updated: 2006-04-22 23:33:27 UTC
by Koon Yaw Tan (Version: 1)
0 comment(s)
Recall end of last year where we have posted a story on security and abuse email to be updated and contactable especially during holiday season.

One of our reader wrote to us about RFC 3013 on '/security' URL on websites (e.g. www.somedomain.com/security).

Under RFC 3013, it is stated that ISPs may consider using common URLs for security and abuse information (e.g. http://www.ISP-name-here.net/security/).

However,unlike RFC 2142 on email contact, this is not widely adopted. It will be of great convenience to everyone if every website is to follow and maintain a '/security' link.

Keywords:
0 comment(s)

Symantec Scan Engine Multiple Vulnerabilities

Published: 2006-04-22
Last Updated: 2006-04-22 19:29:20 UTC
by Koon Yaw Tan (Version: 1)
0 comment(s)
Three vulnerabilities were reported in Symantec Scan Engine. The vulnerabilities could allow a remote user to access the scan engine, download any file located under the Symantec Scan Engine installation directory and conduct man-in-the-middle attacks. Symantec Scan Engine is used in third party applications to interface with Symantec content scanning technologies.

The first vulnerability is the authentication mechanism used by Symantec Scan Engine over its web-based administrative interface. The Scan Engine does not properly authenticate web-based user logins which will then allow a remote user to bypass authentication and gain control of the Scan Engine server.

The second vulnerability allows an unauthenticated remote user to send a specially crafted HTTP request to access arbitrary files located under the Symantec Scan Engine installation directory.

The third vulnerability is the result of the Scan Engine using a static private DSA key for SSL communications. The key cannot be changed by end users and can be extracted from any installation of the product. As a result, this could allow a remote user to conduct man-in-the-middle attacks.

The vulnerabilities were reported by Rapid7 and PoC has been published to demonstrate the first vulnerability.

Symantec has released fixes to the latest product.

Symantec Advisory
http://www.rapid7.com/advisories/R7-0021.html
http://www.rapid7.com/advisories/R7-0022.html
http://www.rapid7.com/advisories/R7-0023.html
http://www.frsirt.com/english/advisories/2006/1464
Keywords:
0 comment(s)
Diary Archives