Vulnerability Note VU#849209
Symantec AntiVirus Scan Engine administrative interface contains a buffer overflow vulnerability
Overview
Symantec AntiVirus Scan Engine administrative interface contains a remotely exploitatble buffer overflow that may allow an attacker to execute arbitrary code.
Description
The Symantec AntiVirus Scan Engine provides a programming interface to Symantec content scanning and virus detection services. The Symantec AntiVirus Scan Engine includes an administrative interface that is enabled and listening on port 8004/tcp by default. The administrative interface contains a buffer overflow vulnerability that can be triggered by sending a specially crafted HTTP request to port 8004/tcp. For more detailed information and for a list of vulnerable software, see Symantec Security Response SYM05-017. |
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code with privileges of the Symantec AntiVirus Scan Engine. |
Solution
Apply a security update Install the security updates, as recommended by the Symantec Security Response SYM05-017. |
Restrict access
|
Systems Affected (Learn More)
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
Symantec, Inc. | Affected | 07 Oct 2005 | 07 Oct 2005 |
CVSS Metrics (Learn More)
Group | Score | Vector |
---|---|---|
Base | N/A | N/A |
Temporal | N/A | N/A |
Environmental | N/A | N/A |
References
- http://securityresponse.symantec.com/avcenter/security/Content/2005.10.04.html
- http://www.auscert.org.au/5551
- http://secunia.com/advisories/17049/
- http://xforce.iss.net/xforce/xfdb/22519
- http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities
- http://www.osvdb.org/displayvuln.php?osvdb_id=19854
Credit
This vulnerability was reported by iDEFENSE.
This document was written by Jeff Gennari
Other Information
- CVE IDs: CAN-2005-2758
- Date Public: 05 Oct 2005
- Date First Published: 07 Oct 2005
- Date Last Updated: 10 Oct 2005
- Severity Metric: 26.77
- Document Revision: 45
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.