Update Protection against Symantec Alert Management System HNDLRSVC Arbitrary Command Execution
| Check Point Reference: | CPAI-2010-170 | |
| Date Published: | ||
| Severity: | ||
| Source: | Discoverer's advisory | |
| Protection Provided by: |
IPS-1
|
|
| Who is Vulnerable? Symantec Antivirus Corporate Edition 10.1.8.8000 and prior Symantec Systems Center 10.1.8.8000 and prior Symantec Client Security 3.1.8 and prior | ||
| Vulnerability Description An arbitrary command execution vulnerability exists in Symantec Alert Management System (AMS2) service shipped with multiple Symantec products. The AMS service starts an alert handler service, HNDLRSVC, that listens for commands from the AMS server. The service does not perform proper authentication checks before executing such commands. Remote attackers can exploit this vulnerability by sending a crafted packet to the target system, potentially leading to remote code execution. |
||
|
Update/Patch Available The vendor has not released an advisory addressing this issue. |
|
|
Vulnerability Details A design weakness vulnerability exists in Symantec alert handler service, HNDLRSVC, installed by the Alert Management System. Remote attackers can exploit this vulnerability by sending a crafted packet to the service. The affected service will also allow attackers to run programs from a remote network share. |
Protection Overview
The protection will detect and block invalid packets between the AMS Client and Server applications.
To configure the defense, select your product from the list below and follow the related protection steps.