BOSTON -- Numerous flaws found in Symantec Scan Engine pose the risk of unauthorized access to critical data and malicious attacks, reports Rapid7 LLC in three security advisories issued Friday, April 21, 2006 (see http://www.rapid7.com/advisories/rapid7-advisories.html). Symantec Scan Engine v126.96.36.199 and earlier versions are affected.
Attacks can be carried out through vulnerabilities in the way Symantec Scan Engine handles authentication, server communications, and access to the installation directory. The flaws reported are as follows:
Symantec Scan Engine Authentication Fundamental Design Error
A design error in the authentication model used by the administrative interface, which, the Rapid7 advisory states, "allows any remote user to gain full administrative access to the server."
Symantec Scan Engine Known Immutable DSA Private Key
Use of the same private DSA key by every installation of Symantec Scan Engine. The key cannot be changed by end-users and can be extracted easily from any installation of the product, rendering SSL protection useless since the private key is known universally. The Rapid7 advisory states, "A man-in-the-middle attacker could easily intercept and decrypt all communications between Symantec Scan Engine and an administrative client."
Symantec Scan Engine Web Interface File Disclosure Vulnerability
A vulnerability that allows unauthenticated remote users to download any file located in the Symantec Scan Engine installation directory, which includes current virus definitions. The Rapid7 advisory states, "Knowledge of installed virus definitions will allow an attacker to determine what viruses can be used to infect the network without detection."
According to Rapid7's advisories, Symantec was notified and has released an upgrade to Symantec Scan Engine v188.8.131.52 or later. Rapid7 confirms that this new version corrects these flaws and advises customers to download it immediately. Symantec provides information and access to the upgrade at http://securityresponse.symantec.com/avcenter/security/Content/2006.04.2....
To protect its customers, Rapid7 has added vulnerability checks for these flaws to NeXpose, its enterprise vulnerability management solution.