DLL Loading Issue in Symantec Enterprise Products
SUMMARY
Symantec has released updates to address a DLL loading issue in Symantec IT Management Suite (ITMS), Symantec Ghost Solution Suite (GSS), Symantec Encryption Desktop (SED), and Symantec Endpoint Virtualization (SEV).
AFFECTED PRODUCTS
| Product | CVE | Affected Version(s) | Remediation |
|---|---|---|---|
| Symantec IT Management Suite 8.0 | CVE-2016-6590 | Prior to 8.0 HF4 | Upgrade to 8.0 HF4 |
| Symantec IT Management Suite 7.6 | CVE-2016-6590 | Prior to 7.6 HF7 | Upgrade to 7.6 HF7 |
| Symantec Ghost Solution Suite | CVE-2016-6590 | Prior to 3.1 MP4 | Upgrade to 3.1 MP4 |
| Symantec Endpoint Virtualization | CVE-2016-6590 | Prior to 7.6 HF7 | Upgrade to 7.6 HF7 |
| Symantec Encryption Desktop | CVE-2016-6590 | Prior to 10.4.1 MP1 | Upgrade to 10.4.1 MP1 |
ISSUES
CVE-2016-6590
Severity/CVSSv3: High / 7.3 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
References: Securityfocus: BID 94279 / NVD: CVE-2016-6590
Impact: Code execution
Description: Symantec was notified of a DLL loading issue impacting the Symantec ITMS, GSS, SED and SEV products. An authorized but non-privileged user could potentially leverage this issue to execute arbitrary code with elevated privileges on the system. The root cause is a failure to use an absolute path when loading DLLs during product boot up/reboot. Without an absolute path, the default DLL search logic is followed, which creates the potential for unauthorized execution of a specially crafted DLL substituted for the authorized DLL in the search path. If successfully accomplished, the user's code could potentially execute with the elevated privileges of the application. An external attacker would need to successfully entice an authorized user to visit a malicious web site or click on a malicious HTML link in an email in any attempt to download malicious code to take advantage of this issue.
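Added example, not part of Symantec's advisory or product code: a small Python model of the documented Windows default DLL search order (SafeDllSearchMode enabled) that shows why a bare DLL name is riskier than an absolute path, and which searched directories an administrator should check for non-admin write access. The product directory, DLL name, file inventory and writable-directory set are constructed; KnownDLLs, already-loaded modules and manifest redirection are not modelled.

```python
import ntpath  # Windows path semantics, so the model runs on any OS

def search_order(app_dir, cwd, path_dirs, windir=r"C:\Windows"):
    """Directories probed, in order, for a DLL requested by bare name."""
    return [app_dir, ntpath.join(windir, "System32"), ntpath.join(windir, "System"),
            windir, cwd, *path_dirs]

def audit_load(request, app_dir, cwd, path_dirs, files, user_writable):
    """Return (resolved_path, risky_dirs) for one load request.

    files: lower-cased full paths that exist (constructed inventory).
    user_writable: lower-cased directories that non-admin users can write to.
    risky_dirs: user-writable directories probed up to and including the
    directory the DLL is finally loaded from.
    """
    if ntpath.isabs(request):
        # Fully qualified path: no search for this DLL, only its own directory matters.
        d = ntpath.dirname(request)
        found = request if request.lower() in files else None
        return found, ([d] if d.lower() in user_writable else [])
    risky = []
    for d in search_order(app_dir, cwd, path_dirs):
        if d.lower() in user_writable and d not in risky:
            risky.append(d)
        candidate = ntpath.join(d, request)
        if candidate.lower() in files:
            return candidate, risky
    return None, risky  # not found: every writable directory searched is a concern

# Constructed sample data (hypothetical product layout, not taken from the advisory).
APP_DIR = r"C:\Program Files\ExampleAgent"
CWD = r"C:\Windows\System32"
PATH_DIRS = [r"C:\Windows\System32", r"C:\Tools\bin", APP_DIR + r"\lib"]
LEGIT_DLL = APP_DIR + r"\lib\helper.dll"
FILES = {LEGIT_DLL.lower()}
USER_WRITABLE = {r"c:\tools\bin"}

if __name__ == "__main__":
    for req in ("helper.dll", LEGIT_DLL):
        path, risky = audit_load(req, APP_DIR, CWD, PATH_DIRS, FILES, USER_WRITABLE)
        print(f"{req!r}: loads {path}; writable dirs searched first: {risky or 'none'}")
```

A non-empty second value means a directory writable by non-privileged users is consulted before or at the point the DLL is found, so either the load call needs an absolute path or that directory's permissions need tightening.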
MITIGATION
Symantec engineers verified this finding and have resolved it in the product upgrades indicated as solutions in the Affected Products table. Customers with Symantec IT Management Suite 7.6 should update to ITMS 7.6 HF7 and then apply the point fix as described in https://support.symantec.com/en_US/article.info3459.html. Product updates are available through normal customer product download locations.
Customers should apply these upgrades to avoid potential incidents of this nature.
Symantec is not aware of exploitation of or adverse customer impact from this issue.
ACKNOWLEDGEMENTS
- Himanshu Mehta (CVE-2016-6590)
- Praveen Singh (CVE-2016-6590)
REVISION
- December 19, 2016: Added ITMS 7.6 releases prior to 7.6 HF7 to the affected products along with mitigation steps for ITMS 7.6 HF7
- March 31, 2017: Added SED 10.x prior to SED 10.4.1 MP1 to the affected products with solution upgrade to SED 10.4.1 MP1