ISS X-Force Database: symantec-scanengine-admin-bo(22519): Symantec AntiVirus Scan Engine Administrator Interface buffer overflow

Symantec AntiVirus Scan Engine Administrator Interface buffer overflow

symantec-scanengine-admin-bo (22519)

High Risk

Description:

Symantec AntiVirus Scan Engine is vulnerable to a heap-based buffer overflow caused by a vulnerability in the Web-based Administrator Interface. A remote attacker could send a specially-crafted HTTP request containing a negative value, which will not be correctly recognized by the integer value types, causing a heap-based buffer overflow which could cause a denial of service or possibly allow the attacker to execute code with SYSTEM level privileges.

Consequences:

Gain Access

Remedy:

Upgrade to the latest version of the product, as listed in Symantec Security Response SYM05-017. See References.

References:

Full-Disclosure Mailing List, Tue Oct 04 2005 - 17:03:24 CDT: iDEFENSE Security Advisory 10.04.05: Symantec AntiVirus Scan Engine Web Service Buffer Overflow Vulnerability.
Symantec Security Response SYM05-017: Symantec Antivirus Scan Engine: Web Service Administrative Interface Buffer Overflow.
BID-15001: Symantec AntiVirus Scan Engine Web Service Administrative Interface Buffer Overflow Vulnerability
CVE-2005-2758: Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.
OSVDB ID: 19854: Symantec AntiVirus Scan Engine Administrative Interface HTTP Header Overflow
SA17049: Symantec AntiVirus Scan Engine Administrative Interface Buffer Overflow
SECTRACK ID: 1015001: Symantec Anti Virus Scan Engine Buffer Overflow in Web Service Lets Remote Users Execute Arbitrary Code
US-CERT VU#849209: Symantec AntiVirus Scan Engine administrative interface contains a buffer overflow vulnerability
VUPEN/ADV-2005-1954: Symantec AntiVirus Scan Engine Web Service Remote Buffer Overflow

Platforms Affected:

Symantec AntiVirus Scan Engine 4.0
Symantec AntiVirus Scan Engine 4.3
Symantec AntiVirus Scan Engine BlueCoat 4.0
Symantec AntiVirus Scan Engine For Network Attached Storage 4.3
Symantec AntiVirus Scan Engine ISA 4.0
Symantec AntiVirus Scan Engine ISA 4.3
Symantec AntiVirus Scan Engine MSFT 4.3
Symantec AntiVirus Scan Engine NetApp 4.0

Reported:

Oct 05, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page