Symantec Endpoint Protection Manager/Client Local Denial of Service Vulnerability

Symantec Endpoint Protection Manager/Client Local Denial of Service Vulnerability
Symantec Endpoint Protection Manager/Client Local Denial of Service Vulnerability

Release date:
Updated on:

Affected Systems:

Symantec Endpoint Protection Manager < 12.1.6

Description:

Bugtraq id: 75202
CVE (CAN) ID: CVE-2014-9228

Symantec Endpoint Protection (SEP) is a new generation of anti-virus and firewall products developed by Symantec Corporation.

In versions earlier than Symantec Endpoint Protection (SEP) 12.1.6, sysplant. sys has deadlocks. Local Users can exploit this vulnerability to cause local denial-of-service (DoS) attacks by running calls in special formats.

<* Source: Knut St. Osmundsen

Link: https://www.symantec.com/security_response/securityupdates/detail.jsp? Fid = security_advisory & pvid = sec
*>

Suggestion:

Vendor patch:

Symantec
--------
Symantec has released a Security Bulletin (SYM15-005) and patches for this:
SYM15-005: Security Advisories Relating to Symantec Products-Symantec Endpoint Protection Manager and Client Issues SYM15-005
Link: https://www.symantec.com/security_response/securityupdates/detail.jsp? Fid = security_advisory & pvid = sec

This article permanently updates the link address: