Endpoint Protection

 View Only

  • 1.  Regarding SEP vulnerability

    Posted Dec 18, 2012 11:39 AM

    SEP vulnerability

    Impact - Attackers can exploit this issue to execute arbitrary PHP code in the context of the application.

     

    This mail i have recieved from our team, what it meant and how to sort out?



  • 2.  RE: Regarding SEP vulnerability

    Posted Dec 18, 2012 11:48 AM

    What is the exact vulnerability? You need to ask your team for the report or at least the name of the vulnerability



  • 3.  RE: Regarding SEP vulnerability

    Posted Dec 18, 2012 11:48 AM

    Find the attach forum for your refference

    https://www-secure.symantec.com/connect/forums/web-attack-exploit-kit-variant-activity-2#comment-5735651



  • 4.  RE: Regarding SEP vulnerability

    Posted Dec 18, 2012 12:04 PM

    Hi

    I have got mail with subject of "Symantec Endpoint Protection Manager CVE-2012-4348 Remote Code Execution Vulnerability". I have got these type of mail first time, so i don't know about the exact problem.



  • 5.  RE: Regarding SEP vulnerability
    Best Answer

    Posted Dec 18, 2012 12:07 PM

    What is the your current running version?

    Find the attach link for your help

    http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20121210_00

    As per your mention Vulnerability below are affected product and Solution.

    Affected Products

     

     

    SEPM PHP Script Insufficient Validation Remote Code Execution - High

    Product

    Version

    Build

    Solution(s)

    Symantec Endpoint Protection(Management Console)

    11.0

    All

    Upgrade to SEP 11.0 RU7-MP3 SEP 12.1RU2

    Symantec Endpoint Protection Small Business Edition(Management Console)

    12.0

    All

    Upgrade to SEP12.1 RU2

    Symantec Endpoint Protection(Management Console)

    12.1

    All

    Upgrade to SEP 12.1 RU2

    SNAC Unquoted path potential arbitrary execution

    Symantec Network Access Control

    12.1

    All

    Upgrade to SEP 12.1 RU2

    NOTE: In SEP12.1, The SNAC service is set to manual unless/until an SNAC license is applied to the via the management server.



  • 6.  RE: Regarding SEP vulnerability

    Posted Dec 18, 2012 12:17 PM

    This looks to be a brand new vulnerability. See here:

    http://www.securityfocus.com/bid/56846

    As of right now it does not appear 12.1.2 is affected. I would suggest upgrading to SEP 12.1.2



  • 7.  RE: Regarding SEP vulnerability

    Posted Dec 18, 2012 12:17 PM

    Current Version -  SEP 11.0 RU7-MP1.



  • 8.  RE: Regarding SEP vulnerability

    Posted Dec 18, 2012 12:19 PM

    This is affected than . It looks like SEP 12.1.2 is not.



  • 9.  RE: Regarding SEP vulnerability

    Posted Dec 18, 2012 12:21 PM

    See here:

    Symantec Endpoint Protection Manager CVE-2012-4348 Remote Code Execution Vulnerability

    Symantec Endpoint Protection (SEP) Manager is prone to a remote code-execution vulnerability.

    Attackers can exploit this issue to execute arbitrary PHP code in the context of the application.

    This issue is fixed in the following versions:

    Symantec Endpoint Protection 11.0 RU7-MP3
    Symantec Endpoint Protection 12.1 RU2

    You need to upgrade to RU7 MP3 or 12.1 RU2

    http://www.securityfocus.com/bid/56846/discuss



  • 10.  RE: Regarding SEP vulnerability

    Posted Dec 18, 2012 12:25 PM

    Thanks for the reverts. I will be read the same.