Rapid7 Spots Vulnerabilities

Numerous flaws found in Symantec Scan Engine pose the risk of unauthorized access to critical data and malicious attacks, reports Rapid7

April 25, 2006

2 Min Read
NetworkComputing logo in a gray background | NetworkComputing

BOSTON -- Numerous flaws found in Symantec Scan Engine pose the risk of unauthorized access to critical data and malicious attacks, reports Rapid7 LLC in three security advisories issued Friday, April 21, 2006 (see http://www.rapid7.com/advisories/rapid7-advisories.html). Symantec Scan Engine v5.0.0.24 and earlier versions are affected.

Attacks can be carried out through vulnerabilities in the way Symantec Scan Engine handles authentication, server communications, and access to the installation directory. The flaws reported are as follows:

Symantec Scan Engine Authentication Fundamental Design Error

A design error in the authentication model used by the administrative interface, which the Rapid7 advisory states, “Allows any remote user to gain full administrative access to the server.”

Symantec Scan Engine Known Immutable DSA Private Key

Use of the same private DSA key by every installation of Symantec Scan Engine. The key cannot be changed by end-users and can be extracted easily from any installation of the product, rendering SSL protection useless since the private key is known universally. The Rapid7 advisory states, “A man-in-the-middle attacker could easily intercept and decrypt all communications between Symantec Scan Engine and an administrative client.”

Symantec Scan Engine Web Interface File Disclosure VulnerabilityA vulnerability that allows unauthenticated remote users to download any file located in the Symantec Scan Engine installation directory, which includes current virus definitions. The Rapid7 advisory states, “Knowledge of installed virus definitions will allow an attacker to determine what viruses can be used to infect the network without detection.”

According to Rapid7’s advisories, Symantec was notified and has released an upgrade to Symantec Scan Engine v5.1.0.7 or later. Rapid7 confirms that this new version corrects these flaws and advises customers to download them immediately. Symantec provides information and access to the upgrade at http://securityresponse.symantec.com/avcenter/security/Content/2006.04.21.html.

To protect its customers, Rapid7 has added vulnerability checks for these flaws to NeXpose, its enterprise vulnerability management solution.

Rapid7 LLC

Read more about:

2006
SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
Sign-Up

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Enterprises investing in new infrastructure to support AI will have to choose between InfiniBand and Ethernet
Enterprise Connectivity
The Impact of AI on The Ethernet Switch MarketThe Impact of AI on The Ethernet Switch Market
byPam Baker, Contributing Writer
Sep 16, 2024
5 Min Read
Blue and purple digital cloud connecting apps and services with campus NaaS.
NaaS
Campus NaaS: Remaking the Campus NetworkCampus NaaS: Remaking the Campus Network
bySalvatore Salamone, Managing Editor, Network Computing
Jul 31, 2024
4 Min Read
DPUs are extensively used to accelerate AI and ML workloads by offloading tasks such as neural network inference and training from CPUs and GPUs.
Network Infrastructure
Harnessing DPUs & How DPUs are Changing Data CentersHarnessing DPUs & How DPUs are Changing Data Centers
byBob Wallace, Featured Writer
Jul 30, 2024
10 Min Read
Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports
Live Events
More Live Events