search cancel

Symantec Security Advisory for Symantec Data Center Security: Server Advanced

book

Article ID: 150392

calendar_today

Updated On:

Products

Critical System Protection Data Center Security Server Advanced

Issue/Introduction

 

Resolution

Symantec Data Center Security: Server Advanced is susceptible to security issues in the management server and the agents that could enable unauthorized elevated access, bypassing security protection on agents, and potential unauthorized insertion of unauthorized code on agents.

Product

Version

Solution

Symantec Critical System Protection

  5.2.9 and  earlier  

Upgrade the management server and import the policy packs that are provided in the 5.2.9 MP 6 HF2. Re-apply the updated policies.

Symantec Data Center Security: Server Advanced        

6.0.x

Upgrade the management server and import the policy packs that are provided in the 6.5 MP1 HF8. Re-apply the updated policies.

 Symantec Data Center Security: Server Advanced

6.5.x

Upgrade the management server and import the policy packs that are provided in the 6.5 MP1 HF8. Re-apply the updated policies.

Symantec Data Center Security: Server Advanced

6.6

Upgrade the management server to the 6.6 MP1 released build.

Import the policy packs that are provided in the 6.6 MP1 HF1. Re-apply the updated policies.

Symantec Data Center Security: Server Advanced

6.6 MP1

Import the policy packs that are provided in the 6.6 MP1 HF1. Re-apply the updated policies.

To address the vulnerability mentioned in this security advisory, you must update your management server to the version released with the hotfixes mentioned below.

Additionally:

  • If you are using only the detection feature on the agents, disable the Util service (sisipsutil) as a mitigation. Symantec recommends that you update the agents to the version released with the hotfixes mentioned below. You can enable the Util service after updating the agents.
    Note: The event viewer functionality does not work after you stop the Util service. 
  • If you are using the prevention feature on the agent and have updated the policy packs provided with the below hotfixes, updating the agents is not mandatory.

The security issues listed in this advisory do not impact UNIX agents.

The SCSP 5.2.9 MP 6 HF2, DCS: Server Advanced 6.5 MP1 HF8, and DCS: Server Advanced 6.6 MP1 HF1 are available at:

As a best security practice, Symantec recommends that you update the Management Server, agents, and policies to the latest ones as soon as they are available to benefit from critical bug fixes and improvements in the areas of protection and monitoring.