Vigil@nce: Symantec Veritas, remote access via Scheduler Service
August 2008 by Vigil@nce
An attacker can use the port of Scheduler Service, to send it packets in order to execute code.
Consequences: data flow
Provenance: internet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 18/08/2008
Symantec Antivirus [confidential versions]
Symantec Enterprise Security Manager
Symantec Gateway Security [confidential versions]
Symantec Norton AntiVirus
The Symantec Scheduler service waits for messages from clients to download security updates.
The port is always open, it is possible to send it packets to change the service behavior.
An attacker can therefore send messages to the scheduler service, in order to execute code.
Identifiers: 306386, BID-30596, SYM08-015, VIGILANCE-VUL-8033