This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
APP:SYMC:AMS-MODEM-STRING-OF
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
APP
|
Keywords |
Symantec Alert Management System Modem String Stack Buffer Overflow
|
Release Date |
2011/02/14
|
Update Number |
1865
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
APP: Symantec Alert Management System Modem String Stack Buffer Overflow
This signature detects attempts to exploit a known stack buffer overflow vulnerability in Symantec Alert Management System. It is caused by copying a user supplied modem string into a stack buffer without prior validation of its size. It occurs in pagehndl.dll while processing data sent from the msgsys.exe process, which listens by default on TCP port 38292. A remote, unauthenticated attacker can exploit this by sending a specially crafted packet to the affected service. A successful attack can result in arbitrary code execution with SYSTEM privileges.
Extended Description
Symantec Intel Alert Management System (AMS2) is prone to multiple remote buffer-overflow vulnerabilities. AMS2 is used in multiple Symantec products including Symantec AntiVirus Corporate Edition Server (SAVCE), Symantec System Center (SSC), and Symantec Quarantine Server.
Attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Affected Products
- Symantec antivirus 10
- Symantec antivirus_corporate_edition 10.0.0
- Symantec antivirus_corporate_edition 10.0.0.359
- Symantec antivirus_corporate_edition 10.0.1.1000
- Symantec antivirus_corporate_edition 10.0.1.1001 (MR1-PP1)
- Symantec antivirus_corporate_edition 10.0.1.1003 (MR1-PP2)
- Symantec antivirus_corporate_edition 10.0.1.1007
- Symantec antivirus_corporate_edition 10.0.1.1008
- Symantec antivirus_corporate_edition 10.0.1.1009 (MR1-PP9)
- Symantec antivirus_corporate_edition 10.0.2.2000
- Symantec antivirus_corporate_edition 10.0.2 .2001
- Symantec antivirus_corporate_edition 10.0.2.2002
- Symantec antivirus_corporate_edition 10.0.2.2010
- Symantec antivirus_corporate_edition 10.0.2.2011
- Symantec antivirus_corporate_edition 10.0.2.2020
- Symantec antivirus_corporate_edition 10.0.2.2021
- Symantec antivirus_corporate_edition 10.1
- Symantec antivirus_corporate_edition 10.1.0.394
- Symantec antivirus_corporate_edition 10.1.0.396
- Symantec antivirus_corporate_edition 10.1.0.400
- Symantec antivirus_corporate_edition 10.1.0.401
- Symantec antivirus_corporate_edition 10.1.4
- Symantec antivirus_corporate_edition 10.1.4.4000 (MR4)
- Symantec antivirus_corporate_edition 10.1.4.4010
- Symantec antivirus_corporate_edition 10.1.4 MR4 MP1 - build 4010
- Symantec antivirus_corporate_edition 10.1.5.5000 (MR5)
- Symantec antivirus_corporate_edition 10.1.5.5001 (MR5-PP1)
- Symantec antivirus_corporate_edition 10.1.5.5010 (MR5-MP1)
- Symantec antivirus_corporate_edition 10.1.6.600
- Symantec antivirus_corporate_edition 10.1.6.6000
- Symantec antivirus_corporate_edition 10.1.6.6010 (MR6-MP1)
- Symantec antivirus_corporate_edition 10.1.7.7000 (MR7)
- Symantec antivirus_corporate_edition 10.1.8.8000
- Symantec antivirus_corporate_edition 10.1 MR6
- Symantec antivirus_corporate_edition 10.1 MR6 MP1
- Symantec antivirus_corporate_edition 10.1 MR7
- Symantec antivirus_corporate_edition 10.1 MR8
- Symantec antivirus_corporate_edition 10.1 MR9
- Symantec quarantine_server 3.5
- Symantec quarantine_server 3.6
- Symantec system_center
References