Check Point Advisories

Update Protection against Symantec Alert Management System HNDLRSVC Arbitrary Command Execution

Check Point Reference: CPAI-2010-170
Date Published: 24 Sep 2010
Severity: Critical
Last Updated: Friday 01 January, 2010
Source: Discoverer's advisory
Protection Provided by:
Who is Vulnerable? Symantec Antivirus Corporate Edition 10.1.8.8000 and prior
Symantec Systems Center 10.1.8.8000 and prior
Symantec Client Security 3.1.8 and prior
Vulnerability Description An arbitrary command execution vulnerability exists in Symantec Alert Management System (AMS2) service shipped with multiple Symantec products. The AMS service starts an alert handler service, HNDLRSVC, that listens for commands from the AMS server. The service does not perform proper authentication checks before executing such commands. Remote attackers can exploit this vulnerability by sending a crafted packet to the target system, potentially leading to remote code execution.
Update/Patch AvaliableThe vendor has not released an advisory addressing this issue.
Vulnerability DetailsA design weakness vulnerability exists in Symantec alert handler service, HNDLRSVC, installed by the Alert Management System. Remote attackers can exploit this vulnerability by sending a crafted packet to the service. The affected service will also allow attackers to run programs from a remote network share.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK