Initial Publication Date: Advisory Status: Advisory Severity: CVSS Base Score:Legacy ID
7 Jul 2016 Closed Medium 5.2 SYM16-012
Symantec Workspace Streaming (SWS) and Workspace Virtualization (SWV) management consoles were susceptible to a path traversal in a file download configuration file that could allow a malicious user who could access the vulnerable file to view unauthorized application files of specific file types. An authenticated console user could manipulate this same file to read any file on the host system. This could potentially provide additional information for staging additional attacks on the application or host system.
Symantec was notified of an unauthorized path traversal vulnerability in the configuration tool download file. This file did not properly check file authorization. This could have potentially allow an authorized network user unauthorized access to this file and to be able to manipulate it to read specific application file types.
An authorized management console user could manipulate this same file to allow unauthorized read access to any file on the local host system. These types of unauthorized file read access could potentially provide sufficient information to stage additional exploit attempts against the application or the host system.
Symantec engineers verified these issues and resolved them in the hot fixes listed in the products table above.
Symantec is not aware of exploitation of or adverse customer impact from this issue.
Symantec Workspace Streaming and Workspace Virtualization hotfixes will be available through Symantec File Connect. Customers should apply these hotfixes to avoid potential incidents of this nature.
Symantec strongly recommends as part of normal best practices:
Restrict access to administration or management systems to privileged users.
Restrict remote access, if required, to trusted/authorized systems only.
Run under the principle of least privilege where possible to limit the impact of exploit by threats.
Keep all operating systems and applications updated with the latest vendor patches.
Follow a multi-layered approach to security. Run both firewall and anti-malware applications, at a minimum, to provide multiple points of detection and protection to both inbound and outbound threats.
Deploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in detection of attacks or malicious activity related to exploitation of latent vulnerabilities.
Symantec would like to thank Dmitry Serebryannikov (https://twitter.com/dsrbr) for reporting these to us and working with us as we addressed them.
This is machine translated content
Login to Subscribe
Please login to set up your
Would you like to be subscribed to future notifications for this article?
For security reasons, your link to this document has expired. Please click on the attachment link to access this file.
The attachment that you are looking for no longer exists.
There has been an issue retrieving your attachment. Please try again.
Currently server is down.
Didn't find the article you were looking for? Try these resources.