Symantec Endpoint Protection Manager Reporting Server fw_charts.php Remote Execution Vulnerability

Summary

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Endpoint Protection.

Credit:

The information has been provided by Andrea Micalizzi.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-10-291/


Details

Vulnerable Systems:
 * Symantec Endpoint Protection

The specific flaw exists within the portion of the server that generates reports. Because the application performs insufficient checks and does not authenticate the user before generating a chart, an attacker can overwrite arbitrary files on the server. Careful exploitation can lead to code execution in the context of the PHP interpreter.

Patch Availability:
Symantec has issued an update to correct this vulnerability. More details can be found at
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101215_00

CVE Information:
CVE-2010-0114

Disclosure Timeline:
2010-04-06 – Vulnerability reported to vendor
2010-12-15 – Coordinated public release of advisory
