Symantec Patches Flaw in Enterprise Security Manager

Anti-virus vendor plugs hole that could have been exploited remotely.

Symantec has patched a security hole in its Enterprise Security Manager tool that could allow attackers to take control of vulnerable machines.

The Cupertino, Calif., company cautioned users in an advisory that all versions of ESM, except version 6.5.3, are vulnerable to a remote code execution attack. The problem, officials at the anti-virus vendor reported, is that the ESM agent remote upgrade interface does not authenticate the source of remote upgrade requests – a vulnerability that can be exploited to launch malware via a specially crafted upgrade request.

"The ESM agent accepts remote upgrade requests from any entity that understands the upgrade protocol," according to the advisory. "The ESM agent does not currently verify that upgrades are from a trusted source. An attacker with knowledge of the agent protocol could deploy a piece of software that allows the attacker to control the host computer. The ESM agent runs with administrative privileges."
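The missing check the advisory describes, sketched as an added example (not Symantec's code, fix or the ESM protocol): a hypothetical agent that refuses an upgrade unless the request authenticates to a key shared with its manager. The `Agent` class, the message fields, the HMAC scheme and the demo key are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real deployment would provision a
# per-agent secret or verify manager-signed packages with a public key.
AGENT_KEY = b"constructed-demo-key-not-a-real-secret"


def sign_upgrade(key: bytes, package: bytes, nonce: str) -> dict:
    """Manager side: bind the package hash and a nonce under an HMAC tag."""
    header = {"sha256": hashlib.sha256(package).hexdigest(), "nonce": nonce}
    msg = json.dumps(header, sort_keys=True).encode()
    header["tag"] = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return header


class Agent:
    """Hypothetical agent that only stages upgrades it can authenticate."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen_nonces = set()
        self.staged = None

    def handle_upgrade(self, header: dict, package: bytes) -> str:
        tag, nonce, digest = (header.get(k) for k in ("tag", "nonce", "sha256"))
        if not all(isinstance(v, str) for v in (tag, nonce, digest)):
            return "rejected: malformed request"
        # 1. Authenticate the source before touching the payload.
        msg = json.dumps({"sha256": digest, "nonce": nonce}, sort_keys=True).encode()
        expected = hmac.new(self.key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "rejected: unauthenticated source"
        # 2. Refuse a captured request that is sent again.
        if nonce in self.seen_nonces:
            return "rejected: replayed request"
        # 3. The authenticated hash must match the bytes actually received.
        actual = hashlib.sha256(package).hexdigest()
        if not hmac.compare_digest(actual.encode(), digest.encode()):
            return "rejected: package does not match signed hash"
        self.seen_nonces.add(nonce)
        self.staged = package  # only now would a privileged install step run
        return "accepted"
```

Knowing the message format is not enough to pass step 1, which is the property the advisory says the agent lacked.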

Downloadable automated and manual fixes are available on the Symantec Web site. Symantec officials are not aware of any attempts to exploit the vulnerability, which was patched April 5.

Denmark-based security research firm Secunia characterized the threat as "moderately critical", while the French Security Incident Response Team described the flaw as "high-risk" because attackers could exploit it from remote locations to hijack targeted machines.
