Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Rapid7 Spots Vulnerabilities

BOSTON -- Numerous flaws found in Symantec Scan Engine pose the risk of unauthorized access to critical data and malicious attacks, reports Rapid7 LLC in three security advisories issued Friday, April 21, 2006 (see http://www.rapid7.com/advisories/rapid7-advisories.html). Symantec Scan Engine v5.0.0.24 and earlier versions are affected.

Attacks can be carried out through vulnerabilities in the way Symantec Scan Engine handles authentication, server communications, and access to the installation directory. The flaws reported are as follows:

Symantec Scan Engine Authentication Fundamental Design Error

A design error in the authentication model used by the administrative interface, which the Rapid7 advisory states, “Allows any remote user to gain full administrative access to the server.”

Symantec Scan Engine Known Immutable DSA Private Key

Use of the same private DSA key by every installation of Symantec Scan Engine. The key cannot be changed by end-users and can be extracted easily from any installation of the product, rendering SSL protection useless since the private key is known universally. The Rapid7 advisory states, “A man-in-the-middle attacker could easily intercept and decrypt all communications between Symantec Scan Engine and an administrative client.”

Symantec Scan Engine Web Interface File Disclosure Vulnerability
A vulnerability that allows unauthenticated remote users to download any file located in the Symantec Scan Engine installation directory, which includes current virus definitions. The Rapid7 advisory states, “Knowledge of installed virus definitions will allow an attacker to determine what viruses can be used to infect the network without detection.”

According to Rapid7’s advisories, Symantec was notified and has released an upgrade to Symantec Scan Engine v5.1.0.7 or later. Rapid7 confirms that this new version corrects these flaws and advises customers to download them immediately. Symantec provides information and access to the upgrade at http://securityresponse.symantec.com/avcenter/security/Content/2006.04.2....

To protect its customers, Rapid7 has added vulnerability checks for these flaws to NeXpose, its enterprise vulnerability management solution.

Rapid7 LLC