CNVD-2016-04438
Vulnerability from cnvd - Published: 2016-07-04
Title
Buffer overflow vulnerability in multiple Symantec and Norton products
Description
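Symantec Advanced Threat Protection (ATP), Symantec Embedded Security: Critical System Protection (SES:CSP) and Symantec Data Center Security: Server Advanced (SDCS:SA) are all security products from Symantec, a US company. ATP is software for uncovering and removing advanced threats on endpoints, networks and email gateways; SES:CSP is a lightweight intrusion detection and prevention system client product; SDCS:SA provides security protection for physical and virtual servers in software-defined data centers.
A buffer overflow vulnerability exists in Dec2LHA of the AntiVirus Decomposer engine in multiple Symantec and Norton products. An attacker can exploit this vulnerability with a specially crafted file to cause a denial of service or execute arbitrary code.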
Severity
High
Patch Name
Patch for the buffer overflow vulnerability in multiple Symantec and Norton products
Patch Description
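Symantec Advanced Threat Protection (ATP), Symantec Embedded Security: Critical System Protection (SES:CSP) and Symantec Data Center Security: Server Advanced (SDCS:SA) are all security products from Symantec, a US company. ATP is software for uncovering and removing advanced threats on endpoints, networks and email gateways; SES:CSP is a lightweight intrusion detection and prevention system client product; SDCS:SA provides security protection for physical and virtual servers in software-defined data centers.
A buffer overflow vulnerability exists in Dec2LHA of the AntiVirus Decomposer engine in multiple Symantec and Norton products. An attacker can exploit this vulnerability with a specially crafted file to cause a denial of service or execute arbitrary code. The vendor has now released a security advisory and related patch information that fix this vulnerability.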
Formal description
The vendor has released an upgrade patch to fix this security issue. Patch link: https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00
Reference
http://packetstormsecurity.com/files/137707/Symantec-dec2lha-Remote-Stack-Buffer-Overflow.html
Impacted products
| Name |
|---|
| Symantec Advanced Threat Protection (ATP) |
| Symantec Web Gateway |
| Symantec Endpoint Protection (SEP) for Mac |
| Symantec Endpoint Protection (SEP) for Linux <12.1 RU6 MP5 |
| Symantec Protection Engine (SPE) <7.0.5 HF01 |
| Symantec Protection Engine (SPE) 7.5.4,<HF01 |
| Symantec Protection Engine (SPE) 7.8.0,< HF01 |
| Symantec Protection for SharePoint Servers (SPSS) >=6.0.3,<=6.0.5 HF 1.5 |
| Symantec Protection for SharePoint Servers (SPSS) 6.0.6,<HF 1.6 |
| Symantec Mail Security for Microsoft Exchange (SMSMSE) <7.0_3966002 HF1.1 |
| Symantec Mail Security for Microsoft Exchange (SMSMSE) 7.5.x,<7.5_3966008 VHF1.2 |
| Symantec Mail Security for Domino (SMSDOM) <8.0.9 HF1.1 |
| Symantec Mail Security for Domino (SMSDOM) 8.1.x,<8.1.3 HF1.2 |
| Symantec Message Gateway (SMG) <10.6.1-4 |
| Symantec Message Gateway for Service Providers (SMG-SP) 10.5,<patch 254 |
| Symantec Message Gateway for Service Providers (SMG-SP) 10.6,<patch 253 |
| Norton Bootable Removal Tool (NBRT) <=2016.1 |
| Norton Power Eraser (NPE) <=5.1 |
| Norton Security for Mac <=13.0.2 |
| Norton 360 <=NGC 22.7 |
| Norton Internet Security <=NGC 22.7 |
| Norton Security with Backup <=NGC 22.7 |
| Norton Security <=NGC 22.7 |
| Norton AntiVirus <=NGC 22.7 |
| Norton Product Family <=NGC 22.7 |
| Symantec CSAPI <=10.0.4 |
| Symantec Endpoint Protection (SEP) <=12.1.6 MP4 |
| Symantec Email Security Server .Cloud (ESS) |
| Symantec Symantec Web Security .Cloud |
| Symantec Data Center Security:Server (SDCS:S) 6.0 |
| Symantec Data Center Security:Server (SDCS:S) 6.0MP1 |
| Symantec Data Center Security:Server (SDCS:S) 6.5 |
| Symantec Data Center Security:Server (SDCS:S) 6.5MP1 |
| Symantec Data Center Security:Server (SDCS:S) 6.6 |
| Symantec Data Center Security:Server (SDCS:S) 6.6MP1 |
{
"cves": {
"cve": {
"cveNumber": "CVE-2016-2210"
}
},
"description": "Symantec Advanced Threat Protection\uff08ATP\uff09\u3001Symantec Embedded Security:Critical System Protection\uff08SES:CSP\uff09\u548cSymantec Data Center Security: Server Advanced\uff08SDCS:SA\uff09\u90fd\u662f\u7f8e\u56fd\u8d5b\u95e8\u94c1\u514b\uff08Symantec\uff09\u516c\u53f8\u7684\u5b89\u5168\u4ea7\u54c1\u3002ATP\u662f\u4e00\u5957\u7528\u4e8e\u6316\u6398\u5e76\u6e05\u9664\u7ec8\u7aef\u3001\u7f51\u7edc\u548c\u7535\u5b50\u90ae\u4ef6\u7f51\u5173\u7b49\u5b58\u5728\u7684\u9ad8\u7ea7\u5a01\u80c1\u7684\u8f6f\u4ef6\uff1bSES:CSP\u662f\u4e00\u6b3e\u8f7b\u91cf\u7ea7\u7684\u5165\u4fb5\u68c0\u6d4b\u548c\u9632\u5fa1\u7cfb\u7edf\u5ba2\u6237\u7aef\u4ea7\u54c1\uff1bSDCS:SA\u4e3a\u8f6f\u4ef6\u5b9a\u4e49\u6570\u636e\u4e2d\u5fc3\u7684\u7269\u7406\u548c\u865a\u62df\u670d\u52a1\u5668\u63d0\u4f9b\u4e86\u5b89\u5168\u9632\u62a4\u3002\r\n\r\n\u591a\u6b3eSymantec\u548cNorton\u4ea7\u54c1\u7684AntiVirus Decomposer\u5f15\u64ce\u7684Dec2LHA\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff0c\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "Tavis Ormandy with Google\u0027s Project Zero",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-04438",
"openTime": "2016-07-04",
"patchDescription": "Symantec Advanced Threat Protection\uff08ATP\uff09\u3001Symantec Embedded Security:Critical System Protection\uff08SES:CSP\uff09\u548cSymantec Data Center Security: Server Advanced\uff08SDCS:SA\uff09\u90fd\u662f\u7f8e\u56fd\u8d5b\u95e8\u94c1\u514b\uff08Symantec\uff09\u516c\u53f8\u7684\u5b89\u5168\u4ea7\u54c1\u3002ATP\u662f\u4e00\u5957\u7528\u4e8e\u6316\u6398\u5e76\u6e05\u9664\u7ec8\u7aef\u3001\u7f51\u7edc\u548c\u7535\u5b50\u90ae\u4ef6\u7f51\u5173\u7b49\u5b58\u5728\u7684\u9ad8\u7ea7\u5a01\u80c1\u7684\u8f6f\u4ef6\uff1bSES:CSP\u662f\u4e00\u6b3e\u8f7b\u91cf\u7ea7\u7684\u5165\u4fb5\u68c0\u6d4b\u548c\u9632\u5fa1\u7cfb\u7edf\u5ba2\u6237\u7aef\u4ea7\u54c1\uff1bSDCS:SA\u4e3a\u8f6f\u4ef6\u5b9a\u4e49\u6570\u636e\u4e2d\u5fc3\u7684\u7269\u7406\u548c\u865a\u62df\u670d\u52a1\u5668\u63d0\u4f9b\u4e86\u5b89\u5168\u9632\u62a4\u3002\r\n\r\n\u591a\u6b3eSymantec\u548cNorton\u4ea7\u54c1\u7684AntiVirus Decomposer\u5f15\u64ce\u7684Dec2LHA\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff0c\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3eSymantec\u548cNorton\u4ea7\u54c1\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Symantec Advanced Threat Protection (ATP)",
"Symantec Web Gateway",
"Symantec Endpoint Protection (SEP) for Mac",
"Symantec Endpoint Protection (SEP) for Linux \u003c12.1 RU6 MP5",
"Symantec Protection Engine (SPE) \u003c7.0.5 HF01",
"Symantec Protection Engine (SPE) 7.5.4\uff0c\u003cHF01",
"Symantec Protection Engine (SPE) 7.8.0\uff0c\u003c HF01",
"Symantec Protection for SharePoint Servers (SPSS) \u003e=6.0.3\uff0c\u003c=6.0.5 HF 1.5",
"Symantec Protection for SharePoint Servers (SPSS) 6.0.6\uff0c\u003cHF 1.6",
"Symantec Mail Security for Microsoft Exchange (SMSMSE) \u003c7.0_3966002 HF1.1",
"Symantec Mail Security for Microsoft Exchange (SMSMSE) 7.5.x\uff0c\u003c7.5_3966008 VHF1.2",
"Symantec Mail Security for Domino (SMSDOM) \u003c8.0.9 HF1.1",
"Symantec Mail Security for Domino (SMSDOM) 8.1.x\uff0c\u003c8.1.3 HF1.2",
"Symantec Message Gateway (SMG) \u003c10.6.1-4",
"Symantec Message Gateway for Service Providers (SMG-SP) 10.5\uff0c\u003cpatch 254",
"Symantec Message Gateway for Service Providers (SMG-SP) 10.6\uff0c\u003cpatch 253",
"Norton Bootable Removal Tool (NBRT) \u003c=2016.1",
"Norton Power Eraser (NPE) \u003c=5.1",
"Norton Security for Mac \u003c=13.0.2",
"Norton 360 \u003c=NGC 22.7",
"Norton Internet Security \u003c=NGC 22.7",
"Norton Security with Backup \u003c=NGC 22.7",
"Norton Security \u003c=NGC 22.7",
"Norton AntiVirus \u003c=NGC 22.7",
"Norton Product Family \u003c=NGC 22.7",
"Symantec CSAPI \u003c=10.0.4",
"Symantec Endpoint Protection (SEP) \u003c=12.1.6 MP4",
"Symantec Email Security Server .Cloud (ESS)",
"Symantec Symantec Web Security .Cloud",
"Symantec Data Center Security:Server (SDCS:S) 6.0",
"Symantec Data Center Security:Server (SDCS:S) 6.0MP1",
"Symantec Data Center Security:Server (SDCS:S) 6.5",
"Symantec Data Center Security:Server (SDCS:S) 6.5MP1",
"Symantec Data Center Security:Server (SDCS:S) 6.6",
"Symantec Data Center Security:Server (SDCS:S) 6.6MP1"
]
},
"referenceLink": "http://packetstormsecurity.com/files/137707/Symantec-dec2lha-Remote-Stack-Buffer-Overflow.html",
"serverity": "\u9ad8",
"submitTime": "2016-06-30",
"title": "\u591a\u6b3eSymantec\u548cNorton\u4ea7\u54c1\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.