OSVDB ID: 19854

Title: Symantec AntiVirus Scan Engine Administrative Interface HTTP Header Overflow

Dates

Disclosure: Oct 04, 2005
Discovery: Aug 31, 2005
Exploit: Unknown
Solution: Oct 04, 2005

Description

A remote overflow exists in Symantec AntiVirus Scan Engine. The administrative Scan Engine Web service fails to perform proper bounds checking, resulting in a heap-based buffer overflow. By sending a specially crafted HTTP header containing a negative value, a remote attacker can execute arbitrary code, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Web Related, Security Software

Solution

Upgrade to version 4.3.12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Vendor: Symantec Corporation
Product: AntiVirus Scan Engine
Versions: 4.0, 4.3

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/19854