ISS X-Force Database: symantec-scanengine-admin-bo(22519): Symantec AntiVirus Scan Engine Administrator Interface buffer overflow

Symantec AntiVirus Scan Engine Administrator Interface buffer overflow

symantec-scanengine-admin-bo (22519)

High Risk

Description:

Symantec AntiVirus Scan Engine is vulnerable to a heap-based buffer overflow caused by a vulnerability in the Web-based Administrator Interface. A remote attacker could send a specially-crafted HTTP request containing a negative value, which will not be correctly recognized by the integer value types, causing a heap-based buffer overflow which could cause a denial of service or possibly allow the attacker to execute code with SYSTEM level privileges.

Platforms Affected:

Symantec, AntiVirus Scan Engine 4.0
Symantec, AntiVirus Scan Engine 4.3
Symantec, AntiVirus Scan Engine BlueCoat 4.0
Symantec, AntiVirus Scan Engine For Network Attached Storage 4.3
Symantec, AntiVirus Scan Engine ISA 4.0
Symantec, AntiVirus Scan Engine ISA 4.3
Symantec, AntiVirus Scan Engine MSFT 4.3
Symantec, AntiVirus Scan Engine NetApp 4.0

Remedy:

Upgrade to the latest version of the product, as listed in Symantec Security Response SYM05-017. See References.

Consequences:

Gain Access

References:

Full-Disclosure Mailing List, Tue Oct 04 2005 - 17:03:24 CDT, iDEFENSE Security Advisory 10.04.05: Symantec AntiVirus Scan Engine Web Service Buffer Overflow Vulnerability at http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0085.html.
Symantec Security Response SYM05-017, Symantec Antivirus Scan Engine: Web Service Administrative Interface Buffer Overflow at http://securityresponse.symantec.com/avcenter/security/Content/2005.10.04.html#savse4-3-12.
BID-15001: Symantec AntiVirus Scan Engine Web Service Administrative Interface Buffer Overflow Vulnerability
CVE-2005-2758: Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.
OSVDB ID: 19854: Symantec AntiVirus Scan Engine Administrative Interface HTTP Header Overflow
SA17049: Symantec AntiVirus Scan Engine Administrative Interface Buffer Overflow
SECTRACK ID: 1015001: Symantec Anti Virus Scan Engine Buffer Overflow in Web Service Lets Remote Users Execute Arbitrary Code
US-CERT VU#849209: Symantec AntiVirus Scan Engine administrative interface contains a buffer overflow vulnerability
VUPEN/ADV-2005-1954: Symantec AntiVirus Scan Engine Web Service Remote Buffer Overflow

Reported:

Oct 05, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page