Update Protection against Symantec Antivirus Intel Alert Handler Service Denial of Service Vulnerability
| Check Point Reference: | CPAI-2011-019 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory: SA43099 | |
| Industry Reference(s): | CVE-2010-0111 CVE-2011-1206 |
|
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Symantec Antivirus Corporate Edition 10.1.8.8000 and prior Symantec System Center 10.1.8.8000 and prior Symantec Client Security 3.1.8 and prior | ||
| Vulnerability Description A denial of service vulnerability has been reported in Symantec's Antivirus Intel Alert Handler service. The Symantec System Center includes an optional component called the Alert Management System (AMS2). The AMS2 starts multiple services on the system that include an alert handler service from Intel Corporation called the AMS2 Handler Manager Service (HNDLRSVC.EXE). A remote attacker may exploit this vulnerability to create a denial of service condition on an affected system. |
||
|
Vulnerability Details The vulnerability is due to an input validation error in the Symantec's Antivirus Intel Alert Handler service when handling the arguments passed in AMS messages sent to the affected service. A remote attacker may exploit this issue by sending a crafted packet, containing a malicious size value, to the target service. Successful exploitation of this vulnerability would result in termination of the affected service, causing a denial of service condition. |
Protection Overview
This protection detects and blocks crafted packets containing a malicious size value sent to the affected service.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection taband select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.