Article

Symantec, McAfee address security flaws

SearchSecurity.com Staff

Symantec Corp. and McAfee Inc., two of the leading vendors in the security software market, have addressed vulnerabilities attackers could exploit in their products to cause a denial of service or run malicious code.

Symantec Altiris Deployment Solution -- software for deploying and managing servers, desktops, notebooks, thin clients, and handheld devices from a centralized location in Windows environments -- is prone to a local privilege-escalation vulnerability.

The Cupertino, Calif.-based company said in an emailed message to customers of its DeepSight threat management service that the Aclient process fails to properly drop privileges before executing external files. Symantec said that "an attacker can use the browser function to view or execute arbitrary files with 'system' privileges." Successful exploits will completely compromise affected computers.

Symantec has fixed the problem, and has included

    Requires Free Membership to View

download instructions on the Symantec Security Response Web site.

Danish vulnerability clearinghouse Secunia, meanwhile, has discovered a vulnerability in McAfee E-Business Server attackers could exploit to cause a heap-based buffer overflow via a specially crafted authentication packet with an overly large length value.

"The vulnerability is caused due to an integer overflow within the e-Business administration utility service when parsing authentication packets," the firm said in Secunia advisory SA26372. "Successful exploitation allows execution of arbitrary code."

To fix the problem, Secunia recommends users update to E-Business Server 8.5.3 for Solaris or E-Business Server 8.1.2 for Linux/HP-UX/AIX.

The Windows version is not affected, Secunia said.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: