>
> TITLE:
> Symantec Scan Engine Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA19734
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> Security Bypass, Exposure of sensitive information
>
> WHERE:
> From local network
>
> SOFTWARE:
> Symantec Scan Engine 5.x
>
>
> DESCRIPTION:
> Three vulnerabilities has been reported in Symantec Scan Engine,
> which can be exploited by malicious people to disclose potentially
> sensitive information, bypass authentication and conduct
> man-in-the-middle (MITM) attacks.
>
> 1) A design error in the authentication mechanism used by Symantec
> Scan Engine can be exploited to gain access to the web-based
> administrative interface via specially-crafted XML requests sent to
> the server using its proprietary protocol.
>
> 2) Symantec Scan Engine uses a static private DSA key for SSL
> communications between the server and the administrative control
> application. This key cannot be changed and can potentially be
> exploited in a man-in-the-middle attack to decrypt all communications
> between the Scan Engine and an administrative client.
>
> 3) Symantec Scan Engine does not properly restrict access to files
> within the installation directory. This can be exploited by
> unauthenticated users to download any file located under the
> directory, such as the configuration file, the scanning logs, and the
> current virus definitions via HTTP requests.
>
> The vulnerabilities have been reported in version 5.0.
>
> SOLUTION:
> Update to version 5.1.
>
> PROVIDED AND/OR DISCOVERED BY:
> 1,2) Marc Bevand of Rapid7
> 3) Joe Testa of Rapid7
>
> ORIGINAL ADVISORY:
> Symantec:
>
> /2006.04.21.html
>
> Rapid7:
>
>
>
>
