Symantec, McAfee address security flaws

Security flaws in Symantec Altiris Deployment Solution and McAfee E-Business Server could be exploited to cause a denial of service or run malicious files. Fixes are available.

Symantec Corp. and McAfee Inc., two of the leading vendors in the security software market, have addressed vulnerabilities in their products that attackers could exploit to cause a denial of service or run malicious code.

Symantec Altiris Deployment Solution -- software for deploying and managing servers, desktops, notebooks, thin clients, and handheld devices from a centralized location in Windows environments -- is prone to a local privilege-escalation vulnerability.

The Cupertino, Calif.-based company said in an emailed message to customers of its DeepSight threat management service that the Aclient process fails to properly drop privileges before executing external files. Symantec said that "an attacker can use the browser function to view or execute arbitrary files with 'system' privileges." Successful exploits will completely compromise affected computers.

Symantec has fixed the problem and has included download instructions on the Symantec Security Response Web site.

Danish vulnerability clearinghouse Secunia, meanwhile, has discovered a vulnerability in McAfee E-Business Server that attackers could exploit to cause a heap-based buffer overflow via a specially crafted authentication packet with an overly large length value.

"The vulnerability is caused due to an integer overflow within the e-Business administration utility service when parsing authentication packets," the firm said in Secunia advisory SA26372. "Successful exploitation allows execution of arbitrary code."

To fix the problem, Secunia recommends users update to E-Business Server 8.5.3 for Solaris or E-Business Server 8.1.2 for Linux/HP-UX/AIX.

The Windows version is not affected, Secunia said.
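The bug class Secunia describes, a length value taken from the packet feeding a size calculation that wraps, is sketched below as an added example. It is not McAfee's or Secunia's code: the packet layout, field sizes and all names are assumptions made for illustration. It sets the unchecked calculation beside a parser that bounds the length before allocating.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN  4u     /* assumed: 4-byte big-endian length prefix */
#define TRAILER  16u    /* assumed: extra bytes the parser reserves */
#define MAX_BODY 4096u  /* assumed: upper bound on a credential blob */

/* Flawed sizing: 32-bit addition wraps for a large len, so the buffer
 * ends up far smaller than the len bytes later copied into it. */
static uint32_t unchecked_alloc_size(uint32_t len) {
    return len + TRAILER;   /* 0xFFFFFFFF + 16 wraps to 15 */
}

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Hardened parse: returns 0 and sets *out / *out_len on success,
 * -1 on rejection. The caller frees *out. */
static int parse_auth_packet(const uint8_t *pkt, size_t pkt_len,
                             uint8_t **out, uint32_t *out_len) {
    if (pkt == NULL || pkt_len < HDR_LEN) return -1;
    uint32_t len = read_be32(pkt);
    if (len > MAX_BODY) return -1;           /* protocol bound, rules out wrap */
    if (len > pkt_len - HDR_LEN) return -1;  /* claims more than was received */
    uint8_t *buf = calloc(1, (size_t)len + TRAILER);
    if (buf == NULL) return -1;
    memcpy(buf, pkt + HDR_LEN, len);
    *out = buf;
    *out_len = len;
    return 0;
}

int main(void) {
    /* Constructed sample: header claims 0xFFFFFFFF bytes, 4 bytes follow. */
    const uint8_t bad[] = {0xFF, 0xFF, 0xFF, 0xFF, 'A', 'B', 'C', 'D'};
    uint8_t *body = NULL;
    uint32_t n = 0;
    return parse_auth_packet(bad, sizeof bad, &body, &n) == -1 ? 0 : 1;
}
```

Checking the length against both a protocol maximum and the number of bytes actually received means the allocation size is computed only from values that cannot wrap.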
