Members
  • Total Members: 12816
  • Latest: t114563
Stats
  • Total Posts: 28525
  • Total Topics: 8240
  • Online Today: 833
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Symantec's Zero-day fault cause "blue-screen-of-death" on Endpoint Protection  (Read 619 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Get patching, sysadmins, there's a zero-day in Symantec Endpoint Protection (SEP).

This US-CERT advisory: https://www.us-cert.gov/ncas/current-activity/2014/08/04/Local-Privilege-Escalation-Vulnerability-Symantec-Endpoint is alerting anyone who ignored Symatec's note about the issue: http://www.symantec.com/business/support/index?page=content&id=TECH223338

CVE-2014-3434 is a local access vulnerability with a public exploit. A client buffer overflow can cause a blue-screen-of-death on the client, which could also expose the client to unauthorised local privilege escalation.

It affects all builds of SEP client 12.1 and 11.0, and all builds of SEP 12.0 Small Business Edition. Unaffected products are SEP Manager, SEP Endpoint Protection 12.1 Small Business Edition, SEP cloud and Symantec Network Access Control.

The vuln was one of many turned up by Offensive Security in this blog post: http://www.offensive-security.com/vulndev/symantec-endpoint-protection-0day/
Offensive Security says only some of its discoveries have been acted on, and is pimping its talk at Black Hat, at which it will detail the rest.

According to Symantec, the fault is in the sysplant driver, which doesn't properly validate external input. It's part of the SEP client's Application and Device Control component, which means disabling that component will serve as a workaround if you can't patch immediately.

Offensive Security reported the issue to Symantec on 29 July, and an exploit authored by Bradley Sean Susser of Bot24 Inc was published yesterday. Symantec has issued a patch for the issue.

(ElReg)

Samker's Computer Forum - SCforum.info





 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising