Symantec Scan Engine unauthorized administrative access

sse-unauth-admin-access (25972) The risk level is classified as MediumMedium Risk

Description:

Symantec Scan Engine could allow a remote attacker to gain unauthorized administrative access to the Web administrative interface, caused by a design error in the authentication mechanism in which password verification is performed by a client-side applet. By sending a specially-crafted request to TCP port 8004 or 8005 a remote attacker could bypass authentication and gain administrative access to the Scan Engine server.


Consequences:

Bypass Security

Remedy:

Upgrade to the latest version of Symantec Scan Engine (5.1 or later), as listed in Symantec Security Advisory SYM06-008. See References.

References:

  • Rapid7, LLC Security Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error.
  • Symantec Security Advisory SYM06-008: Symantec Scan Engine Multiple Vulnerabilities.
  • BID-17637: Symantec AntiVirus Scan Engine Multiple Remote Vulnerabilities
  • CVE-2006-0230: Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.
  • SA19734: Symantec Scan Engine Multiple Vulnerabilities
  • US-CERT VU#118388: Symantec Scan Engine fails to properly perform authentication
  • VUPEN/ADV-2006-1464: Symantec Scan Engine Authentication Bypass and Information Disclosure Issues

Platforms Affected:

  • RedHat Enterprise Linux 2.1 AS
  • RedHat Enterprise Linux 2.1 ES
  • RedHat Enterprise Linux 3 AS
  • RedHat Enterprise Linux 3 ES
  • RedHat Linux 9.0
  • Sun Solaris 10 SPARC
  • Sun Solaris 8 SPARC
  • Sun Solaris 9 SPARC
  • SuSE SuSE SLES 9
  • Symantec Scan Engine 5.0.0.24

Reported:

Apr 21, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page