The Channel logo

News

By | Richard Chirgwin 7th August 2014 06:28

Zero-day hits Symantec endpoint products

Soak those connections, download those patches

Get patching, sysadmins, there's a zero-day in Symantec Endpoint Protection (SEP).

This US-CERT advisory is alerting anyone who ignored Symatec's note about the issue.

CVE-2014-3434 is a local access vulnerability with a public exploit. A client buffer overflow can cause a blue-screen-of-death on the client, which could also expose the client to unauthorised local privilege escalation.

It affects all builds of SEP client 12.1 and 11.0, and all builds of SEP 12.0 Small Business Edition. Unaffected products are SEP Manager, SEP Endpoint Protection 12.1 Small Business Edition, SEP cloud and Symantec Network Access Control.

The vuln was one of many turned up by Offensive Security in this blog post. Offensive Security says only some of its discoveries have been acted on, and is pimping its talk at Black Hat, at which it will detail the rest.

According to Symantec, the fault is in the sysplant driver, which doesn't properly validate external input. It's part of the SEP client's Application and Device Control component, which means disabling that component will serve as a workaround if you can't patch immediately.

Offensive Security reported the issue to Symantec on 29 July, and an exploit authored by Bradley Sean Susser of Bot24 Inc was published yesterday. Symantec has issued a patch for the issue.

Symantec was ditched from China's list of approved vendors on 5 August. ®

comment icon Read 8 comments on this article or post a comment alert Send corrections

Opinion

Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella
Stranded_ships

Chris Mellor

Thousands of layoffs announced as spinning rust enters its death spiral

Features

STRASBOURG, JUNE 29, 2016: The seat of the European Parliament. by Marco Aprile for shutterstock. EDITORIAL USE ONLY
Plan b, image via Shutterstock
EU workers, new markets: post-Brexit pressure on May & Co
Tough question, pic via Shutterstock
Honest mistake with your licensing? Audit police look at it on a 'case by case basis'