----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia
report for 2008.

Highlights from the 2008 report:
 * Vulnerability Research
 * Software Inspection Results
 * Secunia Research Highlights
 * Secunia Advisory Statistics

Request the full 2008 Report here:
http://secunia.com/advisories/try_vi/request_2008_report/

Stay Secure,

Secunia


----------------------------------------------------------------------

TITLE:
Symantec Products Alert Management System 2 Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA34856

VERIFY ADVISORY:
http://secunia.com/advisories/34856/

DESCRIPTION:
Some vulnerabilities have been reported in various Symantec products,
which can be exploited by malicious, local users to potentially gain
escalated privileges and by malicious people to compromise a
vulnerable system.

1) An unspecified error in the Intel LANDesk Common Base Agent (CBA)
can be exploited to pass packet content as an argument to
"CreateProcessA()". This can be exploited to execute arbitrary
commands with SYSTEM privileges by sending a specially crafted packet
to TCP port 12174.

2) A boundary error in the Intel Alert Originator service (iao.exe)
can be exploited to cause a stack-based buffer overflow by sending a
specially crafted packet to TCP port 38292.

Successful exploitation allows execution of arbitrary code with
SYSTEM privileges.

3) A boundary error exists in the Intel Alert Originator Service
(iao.exe) when processing input from the MsgSys.exe process, which
can be exploited to cause a stack-based buffer overflow.

Successful exploitation allows execution of arbitrary code with
SYSTEM privileges.

4) A design error in the Intel File Transfer service (XFR.EXE) can be
exploited to execute arbitrary code with SYSTEM privileges on a
vulnerable system if the attacker is able to establish a TCP session
with a vulnerable host.

The vulnerabilities affect the following products and versions:
* Symantec AntiVirus Corporate Edition 9.0 MR6 and prior, 10.0 (all
versions), 10.1 MR7 and prior, and 10.2 MR1 and prior.
* Symantec Client Security 2.0 MR6 and prior, 3.0 (all versions), and
3.1 MR7 and prior.
* Symantec Endpoint Protection 11.0 MR2 and prior.

SOLUTION:
Update to the latest versions.

Symantec AntiVirus Corporate Edition:
Update to SAV 9.0 MR7, SAV 10.1 MR8, or SAV 10.2 MR2.

Symantec Client Security:
Update to SCS 2.0 MR7 or SCS 3.1 MR8.

Symantec Endpoint Protection:
Update to SEP 11.0 MR3.

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Tenable Network Security, working with the
ZDI.
2) Sebastian Apelt, reported via ZDI.
3) The vendor credits Sebastian Apelt, working with the ZDI.
4) The vendor credits an anonymous person, working with iDefense.

ORIGINAL ADVISORY:
SYM09-007:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-09-018/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------