NESSUS security scanner shows vulnerability in LiveUpdate Administrator 2.3
|Article:TECH177153|||||Created: 2011-12-16|||||Updated: 2012-10-12|||||Article URL http://www.symantec.com/docs/TECH177153|
NESSUS security scanner shows vulnerability in Live Update Administrator v 2.3.0.
Customer uses NESSUS Security scanner. Scanner is detecting a "vulnerability" in Symantec LiveUpdate Administrator version 2.3 (LUA 2.3).
Symantec Connect forums (public), informs that LUA 2.3.0 and earlier have reached "End of life", and instruct customers to contact support to obtain an upgrade to LUA 2.3.1.
LUA 220.127.116.11 and earlier did have one known vulnerability: SYM11-005: LUA Cross-Site Request Forgery vulnerability (CVE-2011-0545)
NESSUS reportedly detects an issue with LUA 2.3, but there is no corresponding CVE or known vulnerability.
LUA 2.3.1 can be downloaded from FileShare by any customer (excluding those located in China). LUA 2.3.1 has not returned a similar alert, in limited testing.
Customer can contact Symantec Support for FileShare credentials to download LUA 2.3.1 or latest version 2.3.2.
Article URL http://www.symantec.com/docs/TECH177153