Vigil@nce: Symantec Veritas, remote access via Scheduler Service
August 2008 by Vigil@nce
SYNTHESIS
An attacker can send packets to the port of the Scheduler Service
in order to execute code.
Gravity: 2/4
Consequences: data flow
Provenance: internet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 18/08/2008
Identifier: VIGILANCE-VUL-8033
IMPACTED PRODUCTS
– Symantec Antivirus [confidential versions]
– Symantec Enterprise Security Manager
– Symantec Gateway Security [confidential versions]
– Symantec Norton AntiVirus
DESCRIPTION
The Symantec Scheduler service waits for messages from clients to
download security updates.
The port is always open; it is possible to send it packets to
change the service behavior.
An attacker can therefore send messages to the scheduler service
in order to execute code.
CHARACTERISTICS
Identifiers: 306386, BID-30596, SYM08-015, VIGILANCE-VUL-8033