Symantec Patches Flaw in Enterprise Security Manager
Anti-virus vendor plugs hole that could have been exploited remotely.
Symantec has patched a security hole in its Enterprise Security Manager tool that allows attackers to take control of infected machines. The Cupertino, Calif., company cautioned users in an advisory that all versions of ESM, except version 6.5.3, are vulnerable to a remote code execution attack. The problem, officials at the anti-virus vendor reported, is that the ESM agent remote upgrade interface does not authenticate the source of remote upgrade requests, a vulnerability that can be exploited to launch malware via a specially crafted upgrade request.
"The ESM agent accepts remote upgrade requests from any entity that understands the upgrade protocol," according to the advisory. "The ESM agent does not currently verify that upgrades are from a trusted source. An attacker with knowledge of the agent protocol could deploy a piece of software that allows the attacker to control the host computer. The ESM agent runs with administrative privileges."
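The missing check the advisory describes, shown as an added example (not Symantec's code or its actual fix): an agent-side handler that applies an upgrade only when the request carries a valid MAC from the key holder. The request format, the key name and all function names are hypothetical, and the key and payload are constructed sample values.

```python
import hashlib
import hmac
import json
import time

# Hypothetical per-agent key provisioned at enrollment (constructed value).
AGENT_KEY = b"constructed-demo-key-not-a-real-secret"
MAX_SKEW = 300          # seconds a signed request stays valid
_seen_nonces = set()    # nonces already accepted, to reject replays

def sign_request(key, payload, nonce, ts):
    """Manager side: MAC a header binding package digest, nonce and time."""
    header = json.dumps({"sha256": hashlib.sha256(payload).hexdigest(),
                         "nonce": nonce, "ts": ts}, sort_keys=True).encode()
    tag = hmac.new(key, header, hashlib.sha256).hexdigest()
    return {"header": header, "tag": tag, "payload": payload}

def unauthenticated_accept(request):
    """Flawed pattern: any well-formed request is applied, whoever sent it."""
    return "payload" in request

def authenticated_accept(request, key=AGENT_KEY, now=None):
    """Agent side: return (accepted, reason); check the MAC before parsing."""
    now = time.time() if now is None else now
    header = request.get("header", b"")
    expected = hmac.new(key, header, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(request.get("tag", ""))):
        return False, "bad tag"
    meta = json.loads(header)  # safe to parse only after the MAC verified
    if abs(now - meta["ts"]) > MAX_SKEW:
        return False, "stale"
    if meta["nonce"] in _seen_nonces:
        return False, "replay"
    digest = hashlib.sha256(request.get("payload", b"")).hexdigest()
    if not hmac.compare_digest(digest, meta["sha256"]):
        return False, "payload mismatch"
    _seen_nonces.add(meta["nonce"])
    return True, "ok"

if __name__ == "__main__":
    pkg = b"constructed upgrade package"
    print(authenticated_accept(sign_request(AGENT_KEY, pkg, "n-demo", time.time())))
    print(authenticated_accept(sign_request(b"unknown key", pkg, "n-demo2", time.time())))
```

A shared MAC key authenticates the sender but must be stored on every agent; a digital signature verified against a pinned public key keeps the signing secret off the agents.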