ISS X-Force Database: sse-unauth-file-access(25974): Symantec Scan Engine unauthorized file access

Symantec Scan Engine unauthorized file access

sse-unauth-file-access (25974)

Low Risk

Description:

Symantec Scan Engine could allow a remote attacker to obtain sensitive information. A remote attacker could send a URL request for any known file within the Symantec\Scan Engine\ directory, including log files, virus definitions and .xml configuration files. This information could be used to launch further attacks against the affected Scan Engine server.

Platforms Affected:

RedHat, Enterprise Linux 2.1 AS
RedHat, Enterprise Linux 2.1 ES
RedHat, Enterprise Linux 3 AS
RedHat, Enterprise Linux 3 ES
RedHat, Linux 9.0
Sun, Solaris 10 SPARC
Sun, Solaris 8 SPARC
Sun, Solaris 9 SPARC
SuSE, SuSE SLES 9
Symantec, Scan Engine 5.0.0.24

Remedy:

Upgrade to the latest version of Symantec Scan Engine (5.1 or later), as listed in Symantec Security Advisory SYM06-008. See References.

Consequences:

Obtain Information

References:

Rapid7, LLC Security Advisory R7-0023, Symantec Scan Engine File Disclosure Vulnerability at http://www.rapid7.com/advisories/R7-0023.html.
Symantec Security Advisory SYM06-008 , Symantec Scan Engine Multiple Vulnerabilities at http://www.symantec.com/avcenter/security/Content/2006.04.21.html.
BID-17637: Symantec AntiVirus Scan Engine Multiple Remote Vulnerabilities
CVE-2006-0232: Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.
SA19734: Symantec Scan Engine Multiple Vulnerabilities
SECTRACK ID: 1015974: Symantec Scan Engine Lets Remote Users Access the System and Download Files
VUPEN/ADV-2006-1464: Symantec Scan Engine Authentication Bypass and Information Disclosure Issues

Reported:

Apr 21, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page