Client Management Suite


Symantec Management Console Directory Traversal

  • 1.  Symantec Management Console Directory Traversal

    Posted Nov 21, 2017 11:18 AM

    So we just got this in email and I am going to call in for a support ticket. My question is if anyone here knows if this includes 7.6hf7 versions as well?

    Symantec Management Console prior to ITMS 8.1 RU4

    We are not ready to go 8.1 RU4 - but seems we maybe pushed to if there is no fix other than the new version.

    Is anyone else concerned? What are people doing about it that are concerned?
    Thanks for your input.



  • 2.  RE: Symantec Management Console Directory Traversal

    Posted Nov 22, 2017 10:33 AM

    Telefragger

    Mind posting back what support says about this vulnerability? Would love to see if it will be a PF or not.

    Thanks!



  • 3.  RE: Symantec Management Console Directory Traversal

    Trusted Advisor
    Posted Nov 23, 2017 07:21 AM

    Hi All,

    I've just been on the phone with support myself and I'll post the full response once they give the more detailed information I've asked for.

    He has mentioned that the Development team are working on Point Fixes for previous versions, but couldn't say which. Fingers crossed it's for at least 7.6 and 8.0.

    I asked specifically what area within the console this issue is related to, so we can potentially advise others to remove access to that area and reduce the risk, but that is also going to be confirmed by support.

    I've also asked for a Symantec Article to be released ASAP with more detail to ensure everyone else has the information needed to resolve this.

    If I'm made aware of any other info, I'll make sure to post it here.

    Thanks



  • 4.  RE: Symantec Management Console Directory Traversal

    Trusted Advisor
    Posted Dec 06, 2017 04:55 AM

    Hi,

    There has been a KB released for this that now gives slightly more info:

    https://support.symantec.com/en_US/article.TECH248342.html

    It now shows that a fix for 7.6 HF7 and 8.0 HF6 is coming shortly, hopefully sometime this month. 

    I've also asked if Symantec can work on an official article to provide guidance on restricting console access to this section of the platform, therefore reducing the risk significantly. I'll update again if this progresses.

    Thanks



  • 5.  RE: Symantec Management Console Directory Traversal

    Posted Dec 08, 2017 08:46 AM

    Sorry I didn't reply back sooner. Tech said that there is going to be a point fix mid December...
    Supposedly will be for 7.6 and 8.x....

    Fingers crossed...

    Found the email...

    Jeffrey,

    I received the information from our development team.

    Version 7.6 is also vulnerable. It is only the portions of the ITMS suite that handle packages that are affected (Deployment Solution, Patch Management, Software Delivery) but as most customers use at least one of these technologies, you are likely affected.

    Updates for 7.6 and 8.0 are planned and in development, but will not be available until after mid December. Rough ETA is the 18th, but that is highly subject to change while the update undergoes Q&A testing.

    Please let me know if you have any questions or would like a call to discuss this further.



  • 6.  RE: Symantec Management Console Directory Traversal

    Posted Dec 08, 2017 01:00 PM

    Thanks for sharing, TeleFragger.

    Let's wait for the point fix!

    Regards,



  • 7.  RE: Symantec Management Console Directory Traversal

    Posted Dec 20, 2017 09:22 AM

    Looks like PF14 in SMP 7.6 has the patch - https://support.symantec.com/en_US/article.INFO3459.html

    Can someone who has an open support case confirm?

    Thanks



  • 8.  RE: Symantec Management Console Directory Traversal

    Posted Jan 09, 2018 06:43 PM

    What I got from tech:

    TECH248342 Symantec Management Console Directory Traversal (CVE-2017-15527)(SYM17-013)


    See:

    ITMS 7.6 post-HF7:
    Fixes for PATCH component: see Patch 7.6 Cumulative HF7 v6 -- INFO3457
    Fixes for SMF component: see SMA_SMF_SMP_7.6_POST_HF7_P2P 7.6 Cumulative HF7 v14 -- INFO3459
    Fixes for DS component: see DS 7.6 Cumulative HF7 v9 -- INFO3459

    Hopefully this is helpful to you. Let us know if you have further questions.



    Jeffrey,

    I am sorry for that. I had not gone over that article myself. We have added too many options and too little clarification to that document:

    For that vulnerability you need just two pieces.
    Software Management Framework (covers Patch and Software Management vulnerabilities)
    SMA_SMF_SMP_7.6_POST_HF7_P2P_v14.zip

    And Deployment Solution
    DS 7.6 post hf7 Cumulative PointFix V9



  • 9.  RE: Symantec Management Console Directory Traversal

    Trusted Advisor
    Posted Jan 18, 2018 08:16 AM

    @Telefragger and others who got emails on this - would you mind sharing who those emails came from? I never got one, but I think I should have given the vulnerability.



  • 10.  RE: Symantec Management Console Directory Traversal

    Posted Jan 19, 2018 08:59 AM

    @Sally5432,

    I didn't get an email initially but I put a ticket in and a tech started the ball rolling... so my emails have only come in due to me starting up a ticket. Now that it is documented with links, I don't think you need the email but just go start your process of getting it installed. We haven't budged yet because we're dealing with all this new stuff going on. Got to get our AV current, registry keys installed before we can even patch this month!!!!!!!!!



  • 11.  RE: Symantec Management Console Directory Traversal

    Trusted Advisor
    Posted Jan 19, 2018 01:51 PM

    I just want to make sure I'm getting Symantec emails. Seems like something like this should have gone out to all customers. Thanks for the reply!