TCP Symantec AMS Command Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to execute arbitrary commands in the Symantec AMS service.

Additional Information

Symantec Antivirus Corporate Edition is a security application. The Alert Management Service (AMS2) is used to manage and report alerts.

Symantec Antivirus Corporate Edition is prone to a remote privilege-escalation vulnerability. The issue affects the Intel Alert Handler service 'hndlrsvc.exe', a component of AMS2. Attackers can send specially crafted network packets to the AMS server console through TCP port 38292 to execute arbitrary commands with SYSTEM-level privileges.

Attackers can exploit this issue to gain SYSTEM-level privileges on an affected computer.

Symantec Antivirus Corporate Edition 10.1.8.8000 is vulnerable; other versions may also be affected.
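As an added example (not Symantec's code and not part of the original signature page), this Python script audits `netstat -ano` output for the exposure described above: which process is listening on TCP port 38292, on which interfaces, and which connected peers fall outside an allowed console subnet. The sample netstat text, the PID-to-image map and the `MGMT_NETS` subnet are constructed assumptions.

```python
import ipaddress
import re

AMS_PORT = 38292            # TCP port named in the advisory
AMS_IMAGE = "hndlrsvc.exe"  # Intel Alert Handler service named in the advisory

# Constructed sample data (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:38292          0.0.0.0:0              LISTENING       1432
  TCP    10.0.5.20:38292        10.0.9.77:51123        ESTABLISHED     1432
  TCP    10.0.5.20:38292        10.0.5.2:49900         ESTABLISHED     1432
  TCP    127.0.0.1:5152         0.0.0.0:0              LISTENING       2044
"""
SAMPLE_PIDS = {884: "svchost.exe", 1432: "hndlrsvc.exe", 2044: "jqs.exe"}
MGMT_NETS = [ipaddress.ip_network("10.0.5.0/28")]  # assumed console subnet

# One TCP row of `netstat -ano`; IPv6 addresses appear as [addr]:port.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s+(\w+)\s+(\d+)\s*$")


def audit(netstat_text, pid_names, mgmt_nets):
    """Return listeners and unexpected peers on the AMS2 port."""
    findings = {"listeners": [], "unexpected_peers": []}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or int(m.group(2)) != AMS_PORT:
            continue
        laddr, _lport, raddr, _rport, state, pid = m.groups()
        image = pid_names.get(int(pid), "unknown")
        local = ipaddress.ip_address(laddr.strip("[]"))
        if state == "LISTENING":
            # A wildcard bind means any reachable network can send packets.
            scope = ("loopback" if local.is_loopback else
                     "all-interfaces" if local.is_unspecified else
                     "single-interface")
            findings["listeners"].append(
                (str(local), image, scope, image.lower() == AMS_IMAGE))
        elif state == "ESTABLISHED":
            peer = ipaddress.ip_address(raddr.strip("[]"))
            if not any(peer in net for net in mgmt_nets):
                findings["unexpected_peers"].append((str(peer), image))
    return findings


if __name__ == "__main__":
    for kind, rows in audit(SAMPLE_NETSTAT, SAMPLE_PIDS, MGMT_NETS).items():
        for row in rows:
            print(kind, row)
```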

Affected

  • Symantec Antivirus Corporate Edition 10.1.8.8000

Response

Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
