Update Protection against Symantec Alert Management System Intel Alert Originator Service Buffer Overflow Vulnerability
| Check Point Reference: | CPAI-2009-089 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia advisory: SA34856 | |
| Industry Reference(s): | CVE-2009-1430 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Symantec Client Security 2.0.x prior to 2.0 MR7 Symantec Client Security 3.x prior to 3.1 MR8 Symantec AntiVirus Corporate Edition 9.0.x prior to 9.0 MR7 Symantec AntiVirus Corporate Edition 10.x prior to 10.1 MR8 Symantec Endpoint Protection 11.x prior to 11.0 MR3 | ||
| Vulnerability Description A buffer overflow vulnerability was reported in Symantec Alert Management System 2 (AMS2), specifically in its Alert Originator (IAO) service component. The vulnerability is due to a boundary error in the IAO service when processing crafted BIND messages. The vulnerability can be exploited by remote unauthenticated attackers to inject and execute arbitrary code on the target host. |
||
|
Update/Patch Available The vendor Symantec has released an advisory addressing this vulnerability. |
|
|
Vulnerability Details The vulnerability exists in the IAO Service of Symantec Alert Management System 2 (AMS2). Intel Alert Originator Service (IAO.EXE) does not properly validate data sent to it by the MsgSys.exe process. This could potentially lead to stack based buffer overflows that can be leverage by attackers to execute code on the target host. |
Protection Overview
This protection will detect and block invalid BIND requests to the IAO Service.
In order for the protection to be activated, update your Security Gateway/VPN-1/InterSpect product to the latest IPS/SmartDefense update. For information on how to update IPS/SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.