The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Symantec Enterprise Security Manager

computer vulnerability note CVE-2012-4350

Symantec Enterprise Security Manager: privilege escalation via a search path

Synthesis of the vulnerability

A local attacker can manage a search path used by Symantec Enterprise Security Manager, in order to make it execute arbitrary machine code under privileged account.
Impacted products: Symantec ESM.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: user account.
Creation date: 14/12/2012.
Identifiers: BID-56915, CERTA-2012-AVI-766, CVE-2012-4350, NGS00315, SYM12-020, VIGILANCE-VUL-12239.

Description of the vulnerability

A local attacker can manage a search path used by Symantec Enterprise Security Manager, in order to make it execute arbitrary machine code under privileged account.

Technicals details are unknown. One may suppose that a search path for programs or libraries depend on user controlled data, which would allow the attacker to make the product load some programs from a user writable directory, instead of only product installation directories.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin 8033

Symantec Veritas: remote access via Scheduler Service

Synthesis of the vulnerability

An attacker can use the port of Scheduler Service, to send it packets in order to execute code.
Impacted products: Norton Antivirus, Symantec AV, Symantec ESM, SGS.
Severity: 2/4.
Consequences: data flow.
Provenance: internet client.
Creation date: 18/08/2008.
Identifiers: 306386, BID-30596, SYM08-015, VIGILANCE-VUL-8033.

Description of the vulnerability

The Symantec Scheduler service waits for messages from clients to download security updates.

The port is always open, it is possible to send it packets to change the service behavior.

An attacker can therefore send messages to the scheduler service, in order to execute code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2007-2896

Symantec ESM: denial of service via a scan

Synthesis of the vulnerability

An attacker can scan some Symantec ESM ports in order to overload the processor.
Impacted products: Symantec ESM.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 25/05/2007.
Identifiers: BID-24123, CVE-2007-2896, SYM07-008, VIGILANCE-VUL-6841.

Description of the vulnerability

The Symantec Enterprise Security Manager product can be installed under AIX, HP-UX, Solaris and Windows.

When ESM is installed under Windows, an attacker can scan some ports in order to generate an infinite loop.

This vulnerability therefore permits an attacker to generate a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert 6716

Symantec Enterprise Security Manager: remote upgrade

Synthesis of the vulnerability

An attacker can conduct a remote upgrade of Symantec Enterprise Security Manager without authentication.
Impacted products: Symantec ESM.
Severity: 3/4.
Consequences: administrator access/rights, data creation/edition.
Provenance: intranet client.
Creation date: 06/04/2007.
Identifiers: 2007.04.05b, 2007.04.05d, BID-23287, SYM07-003, VIGILANCE-VUL-6716.

Description of the vulnerability

ESM agents (Symantec Enterprise Security Manager) can be updated automatically.

However, they do not check the GnuPG or S/MIME signature of received data.

An attacker can therefore provide a malicious update to ESM, which it will install, and run with administrative privileges.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.