Symantec Scan Engine insecure private DSA key

sse-insecure-private-key (25973) The risk level is classified as LowLow Risk

Description:

Symantec Scan Engine uses a known private DSA key for SSL communications that cannot be changed by the user. A remote attacker could exploit this vulnerability to decrypt sensitive communications between the Scan Engine server and an administrative user that can be obtained using man-in-the-middle techniques.


Consequences:

Obtain Information

Remedy:

Upgrade to the latest version of Symantec Scan Engine (5.1 or later), as listed in Symantec Security Advisory SYM06-008. See References.

References:

  • Rapid7, LLC Security Advisory R7-0022: Symantec Scan Engine Known Immutable DSA Private Key.
  • Symantec Security Advisory SYM06-008 : Symantec Scan Engine Multiple Vulnerabilities.
  • BID-17637: Symantec AntiVirus Scan Engine Multiple Remote Vulnerabilities
  • CVE-2006-0231: Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications.
  • SA19734: Symantec Scan Engine Multiple Vulnerabilities
  • SECTRACK ID: 1015974: Symantec Scan Engine Lets Remote Users Access the System and Download Files
  • VUPEN/ADV-2006-1464: Symantec Scan Engine Authentication Bypass and Information Disclosure Issues

Platforms Affected:

  • RedHat Enterprise Linux 2.1 AS
  • RedHat Enterprise Linux 2.1 ES
  • RedHat Enterprise Linux 3 AS
  • RedHat Enterprise Linux 3 ES
  • RedHat Linux 9.0
  • Sun Solaris 10 SPARC
  • Sun Solaris 8 SPARC
  • Sun Solaris 9 SPARC
  • SuSE SuSE SLES 9
  • Symantec Scan Engine 5.0.0.24

Reported:

Apr 21, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page