Critical Flaws Affect Symantec Data Center Security: Server Advanced


steven36

Glitches could be used as entry points to the network

A set of four vulnerabilities has been found to have a critical impact on Symantec Data Center Security: Server Advanced (SDCS:SA), allowing a potential attacker to bypass the client protection policies and gain access at system and database level.

The security issues include the possibility of SQL injection, reflected cross-site scripting (XSS), information disclosure, and policy bypasses.

SQL injection and reflected XSS

Stefan Viehböck, security researcher at SEC Consult Vulnerability Lab, discovered the vulnerabilities and reported them to Symantec on October 20, 2014, following responsible disclosure steps.

According to his advisory published on Thursday, exploiting the SQL injection vulnerability, tracked as CVE-2014-7289, a threat actor could send SQL commands that would be executed due to improper input validation, permitting read/write access to any record available in a database.

During his research, Viehböck managed to add a new user with admin privileges to SDCS:SA. He says that this was achieved by accessing a servlet that can be reached via /sis-ui/authenticate (TCP port 4443, HTTPS) and sending a specially crafted HTTP request.

By exploiting the reflected XSS glitch (CVE-2014-9224), the researcher says, an attacker could steal a user’s session, impersonate other users, and gain access to the administrator interface without authorization.

Information disclosure and security protection policy bypasses

A third vulnerability (CVE-2014-9225) could be taken advantage of by accessing an unprotected script (https://:8081/webui/admin/environment.jsp) that contains internal details about the application on the server, such as file paths on the webserver and version information (OS, Java).

The fourth security flaw discovered by Viehböck is tracked as CVE-2014-9226 and refers to several default security protection policy bypasses in the SDCS:SA client. These include persistent remote code execution via Windows services, remote code execution through RPC (remote procedure call), extracting Windows passwords in the form they are stored in, and privilege elevation via Windows Installer and Windows Management Instrumentation.

Symantec has already provided patches, but only for SCSP 5.2.9 MP6 and SDCS:SA 6.0 MP1 products, offering a set of workarounds for some of the vulnerabilities.

Because SDCS:SA can be leveraged as an entry point into a company’s network, applying the latest update should be done as soon as possible.

As per the disclosure timeline, after confirming the security flaws and working on the release of a patch, Symantec announced that a fix would be provided on January 17, and delivered it on schedule.

Source
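
As an added example (not part of the original post, nor code from Symantec or SEC Consult), the following log review flags requests to the two management-server endpoints the article names when they come from outside an administrative network. The Common Log Format, the `ADMIN_NETS` range and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Endpoints named in the article, mapped to the CVE discussed for each.
WATCHED = {
    "/sis-ui/authenticate": "CVE-2014-7289 (SQL injection servlet)",
    "/webui/admin/environment.jsp": "CVE-2014-9225 (information disclosure)",
}
# Assumption: the only network that should reach the management console.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Assumption: access logs are written in Common/Combined Log Format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def review(lines):
    """Return watched-endpoint requests that came from outside ADMIN_NETS."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        # Drop the query string and ;path-parameters, compare case-insensitively.
        path = m["target"].split("?", 1)[0].split(";", 1)[0].lower()
        if path not in WATCHED:
            continue
        try:
            src = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # client field is a hostname, not an address
        if any(src in net for net in ADMIN_NETS):
            continue  # expected administrative access
        findings.append(
            (m["ts"], m["ip"], m["method"], path, int(m["status"]), WATCHED[path])
        )
    return findings

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    '10.20.0.15 - admin [22/Jan/2015:09:12:01 +0000] "POST /sis-ui/authenticate HTTP/1.1" 200 512',
    '198.51.100.7 - - [22/Jan/2015:09:13:44 +0000] "GET /webui/admin/environment.jsp HTTP/1.1" 200 8841',
    '203.0.113.9 - - [22/Jan/2015:09:14:02 +0000] "POST /sis-ui/authenticate;jsessionid=ABC HTTP/1.1" 500 1203',
    '198.51.100.7 - - [22/Jan/2015:09:14:30 +0000] "GET /favicon.ico HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

A 200 response for `environment.jsp` to a non-administrative source means the page is still served without authentication on that host; restricting ports 4443 and 8081 to the management network removes both findings at the network layer.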
