Short Name | APP:SYMC:AMS-HNDLRSVC-RCE
Severity | Critical
Recommended | No
Recommended Action | Drop
Category | APP
Keywords | Symantec Alert Management System HNDLRSVC Remote Command Execution
Release Date | 2010/09/29
Update Number | 1782
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
APP: Symantec Alert Management System HNDLRSVC Remote Command Execution
This signature detects attempts to exploit a known vulnerability in the Symantec Alert Management System (AMS2) service shipped with multiple Symantec products. The AMS service starts an alert handler service, HNDLRSVC, that listens for commands from the AMS server but does not perform proper authentication checks before executing them. Remote unauthenticated attackers can exploit this by sending a crafted packet to the target service to execute arbitrary programs with SYSTEM privileges.
Extended Description
Symantec Antivirus Corporate Edition is prone to a remote privilege-escalation vulnerability. This issue affects the Alert Management Service.
Attackers can exploit this issue to gain SYSTEM-level privileges on an affected computer.
Symantec Antivirus Corporate Edition 10.1.8.8000 is vulnerable; other versions may also be affected.
Affected Products
- Symantec antivirus_corporate_edition 10.0.0
- Symantec antivirus_corporate_edition 10.0.0.359
- Symantec antivirus_corporate_edition 10.0.1.1000
- Symantec antivirus_corporate_edition 10.0.1.1001 (MR1-PP1)
- Symantec antivirus_corporate_edition 10.0.1.1003 (MR1-PP2)
- Symantec antivirus_corporate_edition 10.0.1.1007
- Symantec antivirus_corporate_edition 10.0.1.1008
- Symantec antivirus_corporate_edition 10.0.1.1009 (MR1-PP9)
- Symantec antivirus_corporate_edition 10.0.2.2000
- Symantec antivirus_corporate_edition 10.0.2 .2001
- Symantec antivirus_corporate_edition 10.0.2.2002
- Symantec antivirus_corporate_edition 10.0.2.2010
- Symantec antivirus_corporate_edition 10.0.2.2011
- Symantec antivirus_corporate_edition 10.0.2.2020
- Symantec antivirus_corporate_edition 10.0.2.2021
- Symantec antivirus_corporate_edition 10.1
- Symantec antivirus_corporate_edition 10.1.0.394
- Symantec antivirus_corporate_edition 10.1.0.396
- Symantec antivirus_corporate_edition 10.1.0.400
- Symantec antivirus_corporate_edition 10.1.0.401
- Symantec antivirus_corporate_edition 10.1.4
- Symantec antivirus_corporate_edition 10.1.4.4000 (MR4)
- Symantec antivirus_corporate_edition 10.1.4.4010
- Symantec antivirus_corporate_edition 10.1.4 MR4 MP1 - build 4010
- Symantec antivirus_corporate_edition 10.1.5.5000 (MR5)
- Symantec antivirus_corporate_edition 10.1.5.5001 (MR5-PP1)
- Symantec antivirus_corporate_edition 10.1.5.5010 (MR5-MP1)
- Symantec antivirus_corporate_edition 10.1.6.600
- Symantec antivirus_corporate_edition 10.1.6.6000
- Symantec antivirus_corporate_edition 10.1.6.6010 (MR6-MP1)
- Symantec antivirus_corporate_edition 10.1.7.7000 (MR7)
- Symantec antivirus_corporate_edition 10.1.8.8000
- Symantec antivirus_corporate_edition 10.1 MR6
- Symantec antivirus_corporate_edition 10.1 MR6 MP1
- Symantec antivirus_corporate_edition 10.1 MR7
- Symantec antivirus_corporate_edition 10.1 MR8
- Symantec antivirus_corporate_edition 10.1 MR9
- Symantec antivirus_corporate_edition 8.0.0
- Symantec antivirus_corporate_edition 8.0.0 1
- Symantec antivirus_corporate_edition 8.0.0 1.425a/b
- Symantec antivirus_corporate_edition 8.0.0 1.429c
- Symantec antivirus_corporate_edition 8.0.0 1.501
- Symantec antivirus_corporate_edition 8.0.0 1.9374
- Symantec antivirus_corporate_edition 8.0.0 1.9378
- Symantec antivirus_corporate_edition 8.1.0
- Symantec antivirus_corporate_edition 8.1.0 .0.825a
- Symantec antivirus_corporate_edition 8.1.0 build 8.01.434
- Symantec antivirus_corporate_edition 8.1.0 build 8.01.437
- Symantec antivirus_corporate_edition 8.1.0 build 8.01.446
- Symantec antivirus_corporate_edition 8.1.0 build 8.01.457
- Symantec antivirus_corporate_edition 8.1.0 build 8.01.460
- Symantec antivirus_corporate_edition 8.1.0 build 8.01.464
- Symantec antivirus_corporate_edition 8.1.0 build 8.01.471
- Symantec antivirus_corporate_edition 8.1.1
- Symantec antivirus_corporate_edition 8.1.1 .366
- Symantec antivirus_corporate_edition 8.1.1 .377
- Symantec antivirus_corporate_edition 8.1.1 Build 393
- Symantec antivirus_corporate_edition 8.1.1 build 8.1.1.314a
- Symantec antivirus_corporate_edition 8.1.1 build 8.1.1.319
- Symantec antivirus_corporate_edition 8.1.1 build 8.1.1.323
- Symantec antivirus_corporate_edition 8.1.1 build 8.1.1.329
- Symantec antivirus_corporate_edition 8.1.1 MR9
- Symantec antivirus_corporate_edition 9.0.0
- Symantec antivirus_corporate_edition 9.0.0 .0.338
- Symantec antivirus_corporate_edition 9.0.0.1300 (STM-PP1)
- Symantec antivirus_corporate_edition 9.0.0.1400 (STM-PP2)
- Symantec antivirus_corporate_edition 9.0.1.1000 (MR1)
- Symantec antivirus_corporate_edition 9.0.1.1001 (MR1-PP1)
- Symantec antivirus_corporate_edition 9.0.1 .1.1000
- Symantec antivirus_corporate_edition 9.0.1.1100 (MR1-MP1)
- Symantec antivirus_corporate_edition 9.0.2 .1000
- Symantec antivirus_corporate_edition 9.0.3 .1000
- Symantec antivirus_corporate_edition 9.0.3.1100 (MR3-MP1)
- Symantec antivirus_corporate_edition 9.0.4
- Symantec antivirus_corporate_edition 9.0.4 MR4 build 1000
- Symantec antivirus_corporate_edition 9.0.5
- Symantec antivirus_corporate_edition 9.0.5.1000 (MR5)
- Symantec antivirus_corporate_edition 9.0.5.1001 (MR5-PP1)
- Symantec antivirus_corporate_edition 9.0.5.1100
- Symantec antivirus_corporate_edition 9.0.6.1000
- Symantec antivirus_corporate_edition 9.0.6.1000 (MR6)
- Symantec antivirus_corporate_edition 9.0.6 MR6 MP1 - build 1100
- Symantec antivirus_corporate_edition 9.0 MR7
- Symantec antivirus_corporate_edition 9 MR6 MP1
References