|
Feeds -
Exploits
|
|
Written by An anonymous source working with iDefense Labs
|
|
Tuesday, 17 March 2009 21:49 |
Autonomy KeyView Module Unspecified Buffer Overflow Vulnerability
-\\Bugtraq ID:
34086
-\\Class:
Boundary Condition Error
-\\CVE:
CVE-2008-4564
-\\Remote:
Yes
-\\Local:
No
-\\Published:
Mar 17 2009 12:00AM
-\\Updated:
Mar 17 2009 06:56PM
-\\Credit:
An anonymous source working with iDefense Labs
-\\Vulnerable:
Symantec Mail Security for SMTP 5.0.1 Patch 200
Symantec Mail Security for SMTP 5.0.1 Patch 189
Symantec Mail Security for SMTP 5.0.1 Patch 182
Symantec Mail Security for SMTP 5.0.1 Patch 181
Symantec Mail Security for SMTP 5.0.1
Symantec Mail Security for SMTP 5.0
Symantec Mail Security for Microsoft Exchange 6.0.7
Symantec Mail Security for Microsoft Exchange 6.0.6
Symantec Mail Security for Microsoft Exchange 5.0.11
Symantec Mail Security for Microsoft Exchange 5.0.10
Symantec Mail Security for Domino 7.5.5 32
Symantec Mail Security for Domino 7.5.4 29
Symantec Mail Security for Domino 7.5.3.25
Symantec Mail Security Appliance 5.0
Symantec Mail Security Appliance 5.0.0.24
Symantec Mail Security Appliance 5.0.0-36
Symantec Mail Security Appliance 5.0.0-36
Symantec Enforce for Windows 8.1
Symantec Enforce for Linux 8.1
Symantec Enforce 8.0
Symantec Enforce 7.0
Symantec Data Loss Prevention Endpoint Agents 8.1
Symantec Data Loss Prevention Endpoint Agents 8.0
Symantec Data Loss Prevention Detection Servers for Windows 8.1
Symantec Data Loss Prevention Detection Servers for Linux 8.1
Symantec Data Loss Prevention Detection Servers 8.0
Symantec Data Loss Prevention Detection Servers 7.0
Symantec BrightMail Appliance 5.0
-\\Not Vulnerable:
Symantec Mail Security for SMTP 5.0.1 Patch 201
Symantec Mail Security for Microsoft Exchange 6.0.8
Symantec Mail Security for Microsoft Exchange 5.0.12
Symantec Mail Security for Domino 7.5.6
Symantec Enforce for Windows 8.1.5 15
Symantec Enforce for Linux 8.1.5 15
Symantec Enforce 8.0.10 38
Symantec Enforce 7.2 37
Symantec Data Loss Prevention Endpoint Agents 8.1.6 2
Symantec Data Loss Prevention Endpoint Agents 8.0.10 38
Symantec Data Loss Prevention Detection Servers for Windows 8.1.5 15
Symantec Data Loss Prevention Detection Servers for Linux 8.1.5 15
Symantec Data Loss Prevention Detection Servers 8.0.10 38
Symantec Data Loss Prevention Detection Servers 7.2 37
Symantec BrightMail Appliance 8.0
-\\Discussion
Autonomy KeyView module is prone to an unspecified buffer-overflow vulnerability because it fails to perform
adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.
Exploiting this issue will allow an attacker to corrupt memory and to cause denial-of-service conditions or
potentially to execute arbitrary code in the context of the application using the module.
Multiple products using the KeyView module are affected.
-\\Exploit(s)/PoC(s):
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more
recent information, please mail us at:
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
.
-\\Solution
Vendor updates are available. Please see the references for more information.
-\\References(s)
--KeyView Homepage
http://www.autonomy.com/content/Products/KeyView/index.en.htm (Autonomy)
--Symantec Homepage
http://www.symantec.co (Symantec)
--SYM09-004 Symantec Products Update Vulnerable Autonomy KeyView Module
http://www.symantec.com/avcenter/security/Content/2009.03.17a.htm (Symantec)
|
