CVE-2011-0688
https://notcve.org/view.php?id=CVE-2011-0688
Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111. NOTE: some of these details are obtained from third party information.
• http://secunia.com/advisories/43099 http://securitytracker.com/id?1024996 http://www.securityfocus.com/bid/45936 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00 http://www.vupen.com/english/advisories/2011/0234 https://exchange.xforce.ibmcloud.com/vulnerabilities/65071 • CWE-287: Improper Authentication •
CVE-2010-0110 – Symantec AMS Intel Alert Service AMSSendAlertAct Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0110
Multiple stack-based buffer overflows in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allow remote attackers to execute arbitrary code via (1) a long string to msgsys.exe, related to the AMSSendAlertAct function in AMSLIB.dll in the Intel Alert Handler service (aka Symantec Intel Handler service); a long (2) modem string or (3) PIN number to msgsys.exe, related to pagehndl.dll in the Intel Alert Handler service; or (4) a message to msgsys.exe, related to iao.exe in the Intel Alert Originator service.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Alert Management System. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AMSLIB.dll module while processing data sent from the msgsys.exe process which listens by default on TCP port 38292. The DLL allocates a fixed length stack buffer and subsequently copies a user-supplied string using memcpy without validating the size.
• http://secunia.com/advisories/43099 http://secunia.com/advisories/43106 http://securitytracker.com/id?1024996 http://www.securityfocus.com/bid/45936 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_00 http://www.vupen.com/english/advisories/2011/0234 http://www.zerodayinitiative.com/advisories/ZDI-11-028 http://www.zerodayinitiative.com/advisories/ZDI-11-030 http://www.zerodayinitiative.com/advisories/ZDI-11-0 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-0111 – Symantec Intel Alert Originator Service iao.exe Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0111
HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of multiple Symantec products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Intel Alert Originator (iao.exe) service. While processing messages sent from the msgsys.exe process a size check can be bypassed and a subsequent stack-based buffer overflow can be triggered.
• http://secunia.com/advisories/43099 http://secunia.com/advisories/43106 http://securitytracker.com/id?1024997 http://www.securityfocus.com/bid/45935 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110126_01 http://www.vupen.com/english/advisories/2011/0234 http://www.zerodayinitiative.com/advisories/ZDI-11-029 https://exchange.xforce.ibmcloud.com/vulnerabilities/64942 https://exchange.xforce.ibmcloud.com/vulnerabilities/649 • CWE-20: Improper Input Validation •
CVE-2009-1431
https://notcve.org/view.php?id=CVE-2009-1431
XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary code by placing the code on a (1) share or (2) WebDAV server, and then sending the UNC share pathname to this service.
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=786 http://secunia.com/advisories/34856 http://www.securityfocus.com/bid/34675 http://www.securitytracker.com/id?1022130 http://www.securitytracker.com/id?1022131 http://www.securitytracker.com/id?1022132 http://www.symantec.com/security_response/securityupdates/detail.jsp? •
CVE-2009-1429 – Symantec Multiple Product Intel Alert Originator Service Command Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-1429
The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary commands via a crafted packet whose contents are interpreted as a command to be launched in a new process by the CreateProcessA function.
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Symantec AntiVirus Corporate Edition, Symantec Client Security and Symantec Endpoint Protection. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Intel LANDesk Common Base Agent bundled with the affected products. When a specially crafted packet is sent to TCP port 12174, the contents of the packet are passed directly to a call to CreateProcessA() as the lpCommandLine argument.
• https://www.exploit-db.com/exploits/10340 https://www.exploit-db.com/exploits/17699 http://osvdb.org/54157 http://secunia.com/advisories/34856 http://securityreason.com/securityalert/8346 http://www.securityfocus.com/bid/34671 http://www.securitytracker.com/id?1022130 http://www.securitytracker.com/id?1022131 http://www.securitytracker.com/id?1022132 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02 h • CWE-94: Improper Control of Generation of Code ('Code Injection') •