Update Protection against Symantec Alert Management System HNDLRSVC Arbitrary Command Execution Vulnerability
| Check Point Reference: | CPAI-2010-259 | |
| Date Published: | ||
| Severity: | ||
| Source: | SecurityFocus ID: 41959 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Symantec Antivirus Corporate Edition 10.1.8.8000 and prior
Symantec Systems Center 10.1.8.8000 and prior
Symantec Client Security 3.1.8 and prior
| ||
| Vulnerability Description An arbitrary command execution vulnerability has been reported in Symantec Alert Management System (AMS2) service. The AMS2 starts multiple services on the system that include an alert handler service from Intel Corporation called the AMS2 Handler Manager Service (HNDLRSVC.EXE). Multiple products from Symantec are shipped with AMS Server and Client components. A remote attacker may exploit this vulnerability to inject and execute arbitrary code on the target host. |
||
|
Vulnerability Details The vulnerability is due to an error in the alert handler service, HNDLRSVC, that listens for commands from the AMS server but does not perform proper authentication checks before executing such commands. A remote attacker could exploit this vulnerability by sending a specially crafted packet to the target service. Successful exploitation of this issue would allow the attacker to execute arbitrary code on an affected system. |
Protection Overview
This protection detects and blocks attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection taband select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.