Symantec Management Console Directory Traversal (CVE-2017-15527) (SYM17-013)

Article ID: 170599

Products

Patch Management Solution for Windows

Issue/Introduction

The Symantec Management Console can be susceptible to a directory traversal exploit. This type of attack can occur when user-supplied file names are insufficiently validated or sanitized, so that characters representing "traverse to parent directory" are passed through to the file APIs. The goal of the attack is to use an affected application to gain unauthorized access to the file system.

Note: only Deployment Solution (DS), Software Management Framework (SMF) and Patch components are applicable to this vulnerability.
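
The validation gap described above, shown as an added example (not Symantec's code and not the content of the fixes): a Python sketch that contrasts an unchecked path join with a canonicalize-then-contain check. The function names and the base directory are hypothetical, and the check is general rather than specific to this product.

```python
import os


class TraversalError(ValueError):
    """Raised when a requested name resolves outside the base directory."""


def naive_resolve(base_dir, user_name):
    # Weak pattern: the name reaches the file API unchecked, so
    # "traverse to parent directory" sequences climb out of base_dir.
    return os.path.normpath(os.path.join(base_dir, user_name))


def safe_resolve(base_dir, user_name):
    """Return the canonical path for user_name, guaranteed inside base_dir.

    Assumes user_name has already been URL-decoded exactly once.
    """
    if "\x00" in user_name:
        raise TraversalError("NUL byte in file name")
    # Treat both separators alike so Windows-style "..\" is caught on any OS.
    candidate = user_name.replace("\\", "/")
    # Rooted paths and drive letters would replace the base entirely.
    if candidate.startswith("/") or candidate[1:2] == ":":
        raise TraversalError("absolute path not allowed")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks before the containment check.
    full = os.path.realpath(os.path.join(base, candidate))
    # commonpath compares whole components, so a sibling such as
    # "<base>_evil" does not pass as being inside "<base>".
    if os.path.commonpath([base, full]) != base:
        raise TraversalError("path escapes base directory: %r" % user_name)
    return full


def is_allowed(base_dir, user_name):
    """True if user_name stays inside base_dir, False otherwise."""
    try:
        safe_resolve(base_dir, user_name)
        return True
    except ValueError:  # TraversalError, or commonpath on mixed drives
        return False
```

The containment check runs on the canonical path, after normalization, which is why filtering the raw string for ".." alone is not an equivalent control.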

Cause

SYM17-013

Environment

ITMS 7.6.x, 8.0.x, 8.1.x

Resolution

MITIGATION

This issue was validated by the product team engineers. The following Symantec Management Console updates address it:
ITMS 8.1 RU4 - available. ref DOC10690

ITMS 8.0 post-HF6 - Released
Fixes for PATCH component: see Patch 8.0 Cumulative HF6 v5 -- INFO4241
Fixes for SMF component: see SMF 8.0 Cumulative HF6 v2 -- INFO4241
Fixes for DS component: see SMF 8.0 Cumulative HF6 v5 -- INFO4241

ITMS 7.6 post-HF7 - Released
Fixes for PATCH component: see Patch 7.6 Cumulative HF7 v6 -- INFO3457
Fixes for SMF component: see SMA_SMF_SMP_7.6_POST_HF7_P2P 7.6 Cumulative HF7 v14 -- INFO3459
Fixes for DS component: see DS 7.6 Cumulative HF7 v9 -- INFO3459

BEST PRACTICES

Symantec recommends the following measures to reduce risk of attack:

    Restrict access to administrative or management systems to authorized privileged users.
    Restrict remote access to trusted/authorized systems only.
    Run under the principle of least privilege, where possible, to limit the impact of potential exploit.
    Keep all operating systems and applications current with vendor patches.
    Follow a multi-layered approach to security. At a minimum, run both firewall and anti-malware applications to provide multiple points of detection and protection to both inbound and outbound threats.
    Deploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in the detection of attacks or malicious activity related to the exploitation of latent vulnerabilities.