TITLE:
Symantec Reporting Server Three Vulnerabilities
SECUNIA ADVISORY ID:
SA25543
VERIFY ADVISORY:
http://secunia.com/advisories/25543/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass, Manipulation of data, Exposure of sensitive information
WHERE:
From local network
SOFTWARE:
Symantec AntiVirus Corporate Edition 10.x
http://secunia.com/product/5555/
Symantec Client Security 3.x
http://secunia.com/product/6649/
Symantec Reporting Server 1.x
http://secunia.com/product/14439/
DESCRIPTION:
Three vulnerabilities have been reported in Symantec Reporting
Server, which can be exploited by malicious people to gain knowledge
of sensitive information, bypass certain security restrictions, or
manipulate certain files.

1) A certain file that is created when exporting data from the
Reporting Server can be manipulated to create and execute a malicious
file instead.

2) An unspecified error during a failed login attempt can be
exploited to reveal a hashed version of the password.

3) Unspecified errors within the SCS Reporting Server can be
exploited to disable and bypass the authentication mechanism.

The vulnerabilities reportedly affect version 1.0.197.0.
SOLUTION:
Update to version 1.0.224.0.
SAV 10.1 MR6 build 6000 (10.1.6.6000) or later / SCS 3.1 MR6 build
6000 (3.1.6.6000) or later:
https://fileconnect.symantec.com/licenselogin.jsp
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2007.06.05.html
http://securityresponse.symantec.com/avcenter/security/Content/2007.06.05a.html