Symantec Security Information Manager Authentication bypass

1095

06 March 2020

13 June 2006

CLOSED

LOW

SUMMARY

 

A security vulnerability has been found in the current release of Symantec Security Information Manager.

Risk Impact: Low
Remote: No
Local: Yes
Authentication Required: No
Exploit publicly available: No

 

AFFECTED PRODUCTS

 

Product: Symantec Security Information Manager
Version: 4.0.2
Build: All
Update To: 4.0.2.29 HOTFIX 1

 

ADDITIONAL PRODUCT INFORMATION

 

 

ISSUES

 

Symantec Security Information Manager uses the M4 Macro Library to transform raw rule definitions into Java code that the rule engine executes. By crafting a specially designed rule, a user could obtain shell execution under the sesuser account during the M4 transformation.
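An added example, not Symantec's code or fix: a pre-transformation audit that flags GNU m4 builtins able to run commands, touch files or alter parsing when they appear as whole words in untrusted rule text. The advisory does not name the M4 feature involved; the builtin list, the audit_rule name and the sample rule syntax are assumptions made for illustration.

```python
import re

# GNU m4 builtins that run commands, touch files, or change how later text
# is parsed. Assumption: the advisory does not say which feature was abused.
DANGEROUS = {
    "syscmd", "esyscmd",            # run a shell command
    "include", "sinclude",          # read arbitrary files
    "maketemp", "mkstemp",          # create files
    "debugfile",                    # redirect debug output to a file
    "builtin", "indir", "defn",     # reach a builtin indirectly
    "changequote", "changecom",     # alter quoting or comment delimiters
    "define", "pushdef", "m4wrap",  # plant macros that fire later
}
# When m4 runs with -P (--prefix-builtins), builtins are named m4_<name>.
DANGEROUS |= {"m4_" + name for name in DANGEROUS}

# m4 treats any run of letters, digits and underscores that does not start
# with a digit as a candidate macro name, with or without parentheses.
WORD = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def audit_rule(text):
    """Return sorted (line_no, token) findings for one raw rule definition."""
    findings = set()
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in WORD.finditer(line):
            if match.group(0) in DANGEROUS:
                findings.add((line_no, match.group(0)))
    return sorted(findings)


# Constructed samples in a hypothetical rule syntax (not the product's format).
SAMPLE_BENIGN = (
    "rule failed_logins\n"
    "  when event_count > 5 and source includes dmz\n"
    "  then raise_incident\n"
)
SAMPLE_SUSPECT = (
    "rule lookup\n"
    "  when host == esyscmd(PLACEHOLDER)\n"
    "  then m4_include(PLACEHOLDER)\n"
)

if __name__ == "__main__":
    for name, sample in (("benign", SAMPLE_BENIGN), ("suspect", SAMPLE_SUSPECT)):
        print(name, audit_rule(sample))
```

A rule that produces any finding should be rejected before it reaches the M4 step; the transformation itself should still run under an account with no more privilege than it needs.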

MITIGATION

 

Symantec has created a fix to address this issue.

ACKNOWLEDGEMENTS

 

Symantec would like to thank Adam Baldwin for reporting this issue and for providing coordination while Symantec resolved it.