  • 1.  SAVCE 10 after applying MR8 patch still vulnerable (Intel LANDesk CBA)

    Posted Jan 22, 2010 04:11 AM
    Hi,
    The context:
    1. There is CVE-2009-1429 vulnerability (http://webact.symantec.com/en/uk/business/security_response/attacksignatures/detail.jsp?asid=23357) related (among others) to Intel LANDesk Common Base Agent (CBA) component of AMS2 (TCP port 12174).

    2. There is MR8 patch supposed to fix the issue: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20090428_02
    ===
    I tested 2 cases in my lab:
    1. SAVCE 10.x installation with applied MR8 fix - all works fine (none of the CVE-2009-1429 vulnerabilities can be exploited). There is no Intel LANDesk Common Base Agent (CBA) component enabled.

    2. SAVCE9 to SAVCE10 upgrade with applied MR8 fix. Unfortunately, after the upgrade we can see the Intel LANDesk Common Base Agent (CBA) component enabled (TCP port 12174) and we can exploit it.
    ====
    We have many customers who followed the SAVCE9 to SAVCE10 migration some time ago and now we need a solution for them. The problem is that after the migration the Intel LANDesk Common Base Agent (CBA) is enabled in SAVCE 10.

    Does somebody know why this component is still enabled after migration? For legacy support? Could we disable it somehow?

    Thanks in advance,
    Bogdan


  • 2.  RE: SAVCE 10 after applying MR8 patch still vulnerable (Intel LANDesk CBA)

    Posted Jan 22, 2010 01:06 PM
    This really sounds like an issue for Symantec support. I would suggest you open a case ASAP.
    Use the web portal to open a web case to help avoid the wait times sometimes experienced on the support line.

    https://mysupport.symantec.com/

    Cheers,
    Thomas


  • 3.  RE: SAVCE 10 after applying MR8 patch still vulnerable (Intel LANDesk CBA)

    Posted Jan 22, 2010 02:44 PM
    That component shouldn't even be installed on most systems because it relates to the alerting component. If it's installed on every server it doesn't need to be. If it's on just the management server, a manual uninstall and reinstall should fix it.

    Ray