Rule:

--
Sid:
4681

--
Summary:
This event is generated when an attempt is made to exploit a known vulnerability in the Symantec Administration Interface for the Symantec AntiVirus Scan Engine.

--
Impact:
A successful attack can cause a buffer overflow and the subsequent execution of arbitrary code with system level privileges on a vulnerable host.

--
Detailed Information:
A vulnerability exists in the way that the Symantec Web Administration Interface handles user supplied data. The vulnerability exists because user supplied data is not properly checked before processing which can lead to excessive data being supplied to a fixed length buffer.

--
Affected Systems:
Symantec AntiVirus Scan Engine 4.0 and 4,3

--
Attack Scenarios:
An attacker can supply data of their choosing to the interface, overflowing the buffer and then execute code of their choosing on the host.

--
Ease of Attack:
Simple.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Upgrade to the most current non-affected version of the product.

--
Contributors:
Sourcefire Vulnerability Research Team
Alex Kirk <akirk@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References

--
