The Symantec Security Information Manager utilizes the M4 Macro Library to transform raw rule definitions into java code that can be executed by the rule-engine. By crafting a specially designed rule, a user could obtain shell execution under the sesuser account name during the M4 transformation.
Symantec has created a fix to address this issue
Symantec would like to thank Adam Baldwin for reporting this issue and for providing coordination while Symantec resolved it.
This is machine translated content
Login to Subscribe
Please login to set up your
Would you like to be subscribed to future notifications for this article?
For security reasons, your link to this document has expired. Please click on the attachment link to access this file.
The attachment that you are looking for no longer exists.
There has been an issue retrieving your attachment. Please try again.
Currently server is down.
Didn't find the article you were looking for? Try these resources.