Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 10.0
CVE Id CVE-2006-0230
Last Modified 07 Mar 2011 09:29:37
Published 24 Apr 2006 09:02:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0230

Summary

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.

Vulnerable Systems

Application

  • Symantec Antivirus Scan Engine 5.0.0.24


References

CERT-VN - VU#118388

VULNWATCH - 20060421 Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error

VUPEN - ADV-2006-1464

XF - sse-unauth-admin-access(25972)

CONFIRM - http://www.symantec.com/avcenter/security/Content/2006.04.21.html

BID - 17637

BUGTRAQ - 20060421 [Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities

SECUNIA - 19734


Last Updated: 27 May 2016 10:41:35