Release date:
Updated on:
Affected Systems:
Symantec LiveUpdate Administrator 2.x
Description:
--------------------------------------------------------------------------------
CVE ID: CVE-2012-0304
Symantec LiveUpdate Administrator provides infrastructure support for content.
Symantec LiveUpdate Administrator 2.3.1 and earlier versions set insecure default permissions on some files (the "Everyone" group is assigned "Full Control"). An attacker can exploit these permissions to perform certain operations on application files, including deleting, manipulating, and replacing them.
<* Source: Tenable Network Security (http://www.tenablesecurity.com/)
Link: http://secunia.com/advisories/49631/
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=secu
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Symantec
--------
Symantec has released a Security Bulletin (SYM12-009) and patches for this issue:
SYM12-009: Security Advisories Relating to Symantec Products - Symantec LiveUpdate Administrator 2.3 Insecure File Permissions
Link: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=secu
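To confirm whether an installation still carries the permissions described above, the following PowerShell audit lists every file and folder under a directory where the "Everyone" group is allowed write-capable access. It is an added example, not part of the advisory or of Symantec's patch; the `-Path` argument is a placeholder for the product's install directory, which the advisory does not give.

```powershell
# Added example: report ACEs that let "Everyone" modify, delete or replace files.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path   # placeholder: install directory to audit (not stated in the advisory)
)

# Well-known SID for Everyone; matching on the SID avoids localized group names.
$everyoneSid = 'S-1-1-0'

# Only the write-type bits. "Full Control" and "Modify" both contain them,
# while read/execute-only grants do not.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Some ACLs store generic rights instead: GENERIC_ALL | GENERIC_WRITE.
$genericMask = 0x10000000 -bor 0x40000000

$items = @(Get-Item -LiteralPath $Path) +
         @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    try {
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
    } catch {
        Write-Warning "Cannot read ACL: $($item.FullName)"
        continue
    }
    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $rights = [int]$ace.FileSystemRights
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.IdentityReference.Value -eq $everyoneSid -and
            ($rights -band ($writeMask -bor $genericMask)) -ne 0) {
            [pscustomobject]@{
                Path      = $item.FullName
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings | Sort-Object Path | Format-Table -AutoSize -Wrap
# Non-zero exit code when anything was found, so the check can gate a compliance job.
if ($findings) { exit 1 }
```

Entries with `Inherited` set to `True` point at a parent folder as the place where the permissive ACE is defined.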