NESSUS security scanner shows vulnerability in LiveUpdate Administrator 2.3

Article:TECH177153  |  Created: 2011-12-16  |  Updated: 2012-10-12  |  Article URL http://www.symantec.com/docs/TECH177153
Article Type
Technical Solution


Issue



NESSUS security scanner shows vulnerability in Live Update Administrator v 2.3.0.

 


Error



Customer uses NESSUS Security scanner.  Scanner is detecting a "vulnerability" in Symantec LiveUpdate Administrator version 2.3 (LUA 2.3).

Symantec Connect forums (public), informs that LUA 2.3.0 and earlier have reached "End of life", and instruct customers to contact support to obtain an upgrade to LUA 2.3.1.

 


Cause



LUA 2.2.2.9 and earlier did have one known vulnerability: SYM11-005: LUA Cross-Site Request Forgery vulnerability (CVE-2011-0545)

NESSUS reportedly detects an issue with LUA 2.3, but there is no corresponding CVE or known vulnerability.  

LUA 2.3.1 can be downloaded from FileShare by any customer (excluding those located in China).  LUA 2.3.1 has not returned a similar alert, in limited testing.


Solution



Customer can contact Symantec Support for FileShare credentials to download LUA 2.3.1 or latest version 2.3.2.


http://aka-community.symantec.com/connect/ja/articles/liveupdate-administrator-231-whats-new



Article URL http://www.symantec.com/docs/TECH177153


Terms of use for this information are found in Legal Notices