Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 APP:SYMC:AGENT-RM-CMD

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 Symantec Common Base Agent Remote Command Execution

Release Date

 2009/05/27

Update Number

 1434

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: Symantec Common Base Agent Remote Command Execution


This signature detects attempts to exploit a known vulnerability against Symantec AntiVirus Corporate Edition, Symantec Client Security and Symantec Endpoint Protection. A successful attack can lead to arbitrary code execution.

Extended Description

The AMS2 (Alert Management Systems 2) component of multiple Symantec products is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied input. Successfully exploiting this issue will allow an attacker to execute arbitrary commands with SYSTEM-level privileges, completely compromising affected computers. Failed exploit attempts will result in a denial-of-service condition.

Affected Products

  • Symantec AntiVirus Corporate Edition 10.0.0.359
  • Symantec AntiVirus Corporate Edition 10.0.1.1000
  • Symantec AntiVirus Corporate Edition 10.0.1.1001 (MR1-PP1)
  • Symantec AntiVirus Corporate Edition 10.0.1.1003 (MR1-PP2)
  • Symantec AntiVirus Corporate Edition 10.0.1.1007
  • Symantec AntiVirus Corporate Edition 10.0.1.1008
  • Symantec AntiVirus Corporate Edition 10.0.1.1009 (MR1-PP9)
  • Symantec AntiVirus Corporate Edition 10.0.2.2000
  • Symantec AntiVirus Corporate Edition 10.0.2 .2001
  • Symantec AntiVirus Corporate Edition 10.0.2.2002
  • Symantec AntiVirus Corporate Edition 10.0.2.2010
  • Symantec AntiVirus Corporate Edition 10.0.2.2011
  • Symantec AntiVirus Corporate Edition 10.0.2.2020
  • Symantec AntiVirus Corporate Edition 10.0.2.2021
  • Symantec AntiVirus Corporate Edition 10.1
  • Symantec AntiVirus Corporate Edition 10.1.0.394
  • Symantec AntiVirus Corporate Edition 10.1.0.396
  • Symantec AntiVirus Corporate Edition 10.1.0.400
  • Symantec AntiVirus Corporate Edition 10.1.0.401
  • Symantec AntiVirus Corporate Edition 10.1.4
  • Symantec AntiVirus Corporate Edition 10.1.4.4000 (MR4)
  • Symantec AntiVirus Corporate Edition 10.1.4.4010
  • Symantec AntiVirus Corporate Edition 10.1.4 MR4 MP1 - build 4010
  • Symantec AntiVirus Corporate Edition 10.1.5.5000 (MR5)
  • Symantec AntiVirus Corporate Edition 10.1.5.5001 (MR5-PP1)
  • Symantec AntiVirus Corporate Edition 10.1.5.5010 (MR5-MP1)
  • Symantec AntiVirus Corporate Edition 10.1.6.600
  • Symantec AntiVirus Corporate Edition 10.1.6.6000
  • Symantec AntiVirus Corporate Edition 10.1.6.6010 (MR6-MP1)
  • Symantec AntiVirus Corporate Edition 10.1.7.7000 (MR7)
  • Symantec AntiVirus Corporate Edition 10.1 MR6
  • Symantec AntiVirus Corporate Edition 10.1 MR6 MP1
  • Symantec AntiVirus Corporate Edition 10.1 MR7
  • Symantec AntiVirus Corporate Edition 10.2
  • Symantec AntiVirus Corporate Edition 10.2.0.276 (STM 32-Bit)
  • Symantec AntiVirus Corporate Edition 10.2.0.298 (STM 64-Bit)
  • Symantec AntiVirus Corporate Edition 10.2.0.313 (STM-PP1)
  • Symantec AntiVirus Corporate Edition 10.2.1.1000 (MR1)
  • Symantec AntiVirus Corporate Edition 10.2 MR1
  • Symantec AntiVirus Corporate Edition 9.0.0 .0.338
  • Symantec AntiVirus Corporate Edition 9.0.0.1300 (STM-PP1)
  • Symantec AntiVirus Corporate Edition 9.0.0.1400 (STM-PP2)
  • Symantec AntiVirus Corporate Edition 9.0.1.1000 (MR1)
  • Symantec AntiVirus Corporate Edition 9.0.1.1001 (MR1-PP1)
  • Symantec AntiVirus Corporate Edition 9.0.1.1100 (MR1-MP1)
  • Symantec AntiVirus Corporate Edition 9.0.2 .1000
  • Symantec AntiVirus Corporate Edition 9.0.3 .1000
  • Symantec AntiVirus Corporate Edition 9.0.3.1100 (MR3-MP1)
  • Symantec AntiVirus Corporate Edition 9.0.4
  • Symantec AntiVirus Corporate Edition 9.0.4 MR4 build 1000
  • Symantec AntiVirus Corporate Edition 9.0.5
  • Symantec AntiVirus Corporate Edition 9.0.5.1000 (MR5)
  • Symantec AntiVirus Corporate Edition 9.0.5.1001 (MR5-PP1)
  • Symantec AntiVirus Corporate Edition 9.0.5.1100
  • Symantec AntiVirus Corporate Edition 9.0.6.1000
  • Symantec AntiVirus Corporate Edition 9.0.6.1000 (MR6)
  • Symantec AntiVirus Corporate Edition 9.0.6 MR6 MP1 - build 1100
  • Symantec AntiVirus Corporate Edition 9 MR6 MP1
  • Symantec Client Security 2.0.0.1300 (STM-PP1)
  • Symantec Client Security 2.0.0.1400 (STM-PP2)
  • Symantec Client Security 2.0.0.338 (STM)
  • Symantec Client Security 2.0.1.1000 (MR1)
  • Symantec Client Security 2.0.1.1001 (MR1-PP1)
  • Symantec Client Security 2.0.1.1100 (MR1-MP1)
  • Symantec Client Security 2.0.2.1000 (MR2)
  • Symantec Client Security 2.0.3.1000 (MR3)
  • Symantec Client Security 2.0.4
  • Symantec Client Security 2.0.4 MR4 build 1000
  • Symantec Client Security 2.0.5.1000 (MR5)
  • Symantec Client Security 2.0.5.1001 (MR5-PP1)
  • Symantec Client Security 2.0.5 build 1100
  • Symantec Client Security 2.0.6.1000 (MR6)
  • Symantec Client Security 2.0.6 MR6
  • Symantec Client Security 2.0.6 MR6 MP1 - build 1100
  • Symantec Client Security 2.0 MR6 MP1
  • Symantec Client Security 3.0.0.359
  • Symantec Client Security 3.0.1.1000
  • Symantec Client Security 3.0.1.1001
  • Symantec Client Security 3.0.1.1003 (MR1-PP2)
  • Symantec Client Security 3.0.1.1007
  • Symantec Client Security 3.0.1.1008
  • Symantec Client Security 3.0.1.1009 (MR1-PP9)
  • Symantec Client Security 3.0.2.2000
  • Symantec Client Security 3.0.2.2001
  • Symantec Client Security 3.0.2.2002
  • Symantec Client Security 3.0.2.2010
  • Symantec Client Security 3.0.2.2011
  • Symantec Client Security 3.0.2.2020
  • Symantec Client Security 3.0.2.2021
  • Symantec Client Security 3.1
  • Symantec Client Security 3.1.0.394
  • Symantec Client Security 3.1.0.396
  • Symantec Client Security 3.1.0.400
  • Symantec Client Security 3.1.0.401
  • Symantec Client Security 3.1.4.4000 (MR4)
  • Symantec Client Security 3.1.4 MR4 MP1 - build 4010
  • Symantec Client Security 3.1.5.5000 (MR5)
  • Symantec Client Security 3.1.5.5001 (MR5-PP1)
  • Symantec Client Security 3.1.5.5010 (MR5-MP1)
  • Symantec Client Security 3.1.6.6000
  • Symantec Client Security 3.1.6.6010 (MR6-MP1)
  • Symantec Client Security 3.1.7.7000 (MR7)
  • Symantec Client Security 3.1 MR6
  • Symantec Client Security 3.1 MR6 MP1
  • Symantec Client Security 3.1 MR7
  • Symantec Endpoint Protection 11.0
  • Symantec Endpoint Protection 11.0.1000.1375 (MR1)
  • Symantec Endpoint Protection 11.0.1002.1378 (MR1-PP2)
  • Symantec Endpoint Protection 11.0.1005.1428 (MR1-PP5)
  • Symantec Endpoint Protection 11.0.2000.1567 (MR2)
  • Symantec Endpoint Protection 11.0.2001.10 (MR2-PP1)
  • Symantec Endpoint Protection 11.0.2010.25 (MR2-MP1)
  • Symantec Endpoint Protection 11.0.2020.56 (MR2-MP2)
  • Symantec Endpoint Protection 11.0.780.1109 (STM)
  • Symantec Endpoint Protection 11.0.781.1287 (STM-PP1)
  • Symantec Endpoint Protection 11.0 MR1
  • Symantec Endpoint Protection 11.0 MR2

References

  • BugTraq: 34671
  • CVE: CVE-2009-1429
  • URL: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out