Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Symantec Antivirus Scan Engine: Web Service Administrative Interface Buffer Overflow - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Symantec Antivirus Scan Engine: Web Service Administrative Interface Buffer Overflow
iDEFENSE Labs has notified Symantec about a remotely exploitable buffer overflow vulnerability in the Symantec AntiVirus Scan Engine that can allow remote attackers to execute arbitrary code. The iDEFENSE Advisory says "A remote attacker can send a specially crafted HTTP request to the administrative Scan Engine Web Wervice on port 8004 to crash the service or execute arbitrary code."

Patch today folks.

Symantec's Advisory, (with patch and mitigation information) states the "Risk Impact" is High. Affected versions listed are;

Product Version Build Solution

Symantec AntiVirus Scan Engine 4.0 All SAVSE 4.3.12
Symantec AntiVirus Scan Engine 4.3 All SAVSE 4.3.12
Symantec AntiVirus Scan Engine for ISA 4.0 All SAVSE 4.3.12
Symantec AntiVirus Scan Engine for ISA 4.3 All SAVSE 4.3.12
Symantec AntiVirus Scan Engine for Netapp Filer 4.0 All SAVSE 4.3.12
Symantec AntiVirus Scan Engine for Messaging 4.3 All SAVSE 4.3.12
Symantec AntiVirus Scan Engine for Netapp NetCache 4.0 All SAVSE 4.3.12
Symantec AntiVirus Scan Engine for Network Attached Storage 4.3 All SAVSE 4.3.12
Symantec AntiVirus Scan Engine for Bluecoat 4.0 All SAVSE 4.3.12
Symantec AntiVirus Scan Engine for Caching 4.3 All SAVSE 4.3.12
Symantec AntiVirus Scan Engine for Microsoft SharePoint 4.3 All SAVSE 4.3.12
Symantec AntiVirus Scan Engine for Clearswift 4.0 All SAVSE 4.3.12
Symantec AntiVirus Scan Engine for Clearswift 4.3 All SAVSE 4.3.12

Non-Affected Product(s)

Product Version Build
Symantec AntiVirus Scan Engine 4.1 All

Patrick

193 Posts

Sign Up for Free or Log In to start participating in the conversation!