Hi,
The context:
1. There is
CVE-2009-1429 vulnerability (http://webact.symantec.com/en/uk/business/security_response/attacksignatures/detail.jsp?asid=23357) related (among others) to Intel LANDesk Common Base Agent (CBA) component of AMS2 (TCP port 12174)
2. There is MR8 patch supposed to fix the issue:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20090428_02
===
I tested 2 cases in my lab:
1. SAVCE 10.x installation with aplied MR8 fix - all works fine (none of the
CVE-2009-1429 vulnerabilities can be exploited). There is no Intel LANDesk Common Base Agent (CBA) component enabled.
2. SAVCE9 to SAVCE10 upgrade with aplied MR8 fix. Unfortunatelly after upgrade we can see Intel LANDesk Common Base Agent (CBA) component enabled (TCP port 12174) and we can exploit it.
====
We have many customers which followed the SAVCE9 to SAVCE10 migration some time ago and now we need a solution for them. The problem is that after the migration the Intel LANDesk Common Base Agent (CBA) is enabled in SAVCE 10.
Does somebody know why this component is still enabled after migration? For legacy support? Could we disable it somehow?
Thanks in advance,
Bogdan