ESB-2017.2890 - [Win][Mac] Symantec Endpoint Encryption: Multiple vulnerabilities 2017-11-15

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2890
       Security Advisories Relating to Symantec Products - Symantec
                    Endpoint Encryption Various Issues
                             15 November 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Symantec Endpoint Encryption
Publisher:         Symantec
Operating System:  Windows
                   Mac OS
Impact/Access:     Denial of Service    -- Remote/Unauthenticated
                   Increased Privileges -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-15525 CVE-2017-15526 

Original Bulletin: 
   https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20171113_00

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Advisories Relating to Symantec Products - Symantec Endpoint
Encryption Various Issues

SYM17-012

November 13, 2017

OVERVIEW

Symantec has released an update to address two issues in the Symantec Endpoint
Encryption product.

Highest severity issue: Medium
Number of issues: 2

 
ISSUES

This update applies to the following issues:

TITLE                                                   CVE            SEVERITY

Symantec Endpoint Encryption DoS prior to SEE           CVE-2017-15525 Medium
v11.1.3MP1

Symantec Endpoint Encryption NULL Pointer prior to SEE  CVE-2017-15526 Medium
v11.1.3MP1
 

AFFECTED PRODUCTS

Symantec has verified the issues and addressed them in product updates as
outlined below.

Enterprise

The following Symantec enterprise products are affected.

PRODUCT                                SOLUTION

Symantec Endpoint Encryption prior to  Upgrade to Symantec Endpoint Encryption
SEE v11.1.3MP1                         SEE v11.1.3MP1


ISSUE DETAILS
 

Symantec Endpoint Encryption Denial of Service

CVE-2017-15525

BID: 101697

Severity: Medium (CVSSv3: 4.2) AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Impact: Denial of service

Exploitation: None

Date patched: November 8, 2017

A denial of service (DoS) attack is a type of attack whereby the perpetrator
attempts to make a particular machine or network resource unavailable to its
intended users by temporarily or indefinitely disrupting services of a specific
host within a network. DoS attacks can occur when a system becomes flooded with
specific network requests or subversive operations that can cause the resourced
system to become unresponsive.
 

Symantec Endpoint Encryption NULL Pointer De-Reference

CVE-2017-15526

BID: 101698

Severity: Medium (CVSSv3: 4.2) AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Impact: Privilege escalation

Exploitation: None

Date patched: November 8, 2017
 
Symantec Endpoint Encryption can be susceptible to a null pointer de-reference
issue, which can result in a NullPointerException that can lead to a privilege
escalation scenario. A null-pointer dereference takes place when a pointer with
a value of NULL is used as though it pointed to a valid memory area.


MITIGATION

These issues were validated by the product team engineers. A Symantec Endpoint
Encryption update, version SEE v11.1.3MP1, has been released which addresses
the aforementioned issues. Note that the latest releases and patches for
Symantec Endpoint Encryption are available to customers through normal support
channels. At this time, Symantec is not aware of any exploitations or adverse
customer impact from these issues.

 
ACKNOWLEDGEMENTS

  * Kyriakos Economou (@kyREcon) on behalf of Nettitude: https://
    www.nettitude.com/ (CVE-2017-15525)
  * Kyriakos Economou (@kyREcon) on behalf of Nettitude: https://
    www.nettitude.com/ (CVE-2017-15526)


REVISIONS

- -          None

 

REPORTING VULNERABILITIES TO SYMANTEC

Symantec takes the security and proper functionality of our products very
seriously. As founding members of the Organization for Internet Safety
(OISafety), Symantec supports and follows responsible disclosure guidelines.
Symantec has developed a Software Security Vulnerability Management Process
document outlining the process we follow in addressing suspected
vulnerabilities in our products.
Symantec Corporation firmly believes in a proactive approach to secure software
development and implements security review into various stages of the software
development process. Additionally, Symantec is committed to the security of its
products and services as well as to its customers' data. Symantec is committed
to continually improving its software security process.
This document provides an overview of the current Secure Development Lifecycle
(SDLC) practice applicable to Symantec's product and service teams as well as
other software security related activities and policies used by such teams.
This document is intended as a summary and does not represent a comprehensive
list of security testing and practices conducted by Symantec in the software
development process.
Please contact secure@symantec.com if you believe you have discovered a
security issue in a Symantec product. A member of the Symantec Software
Security team will contact you regarding your submission to coordinate any
required response. Symantec strongly recommends using encrypted email for
reporting vulnerability information to secure@symantec.com.
The Symantec Software Security PGP key can be found at the following location:
Symantec Product Vulnerability Management PGP Key
COPYRIGHT (C) BY SYMANTEC CORP.
Permission to redistribute this alert electronically is granted as long as it
is not edited in any way unless authorized by Symantec Software Security.
Reprinting the whole or part of this alert in any medium other than
electronically requires permission from secure@symantec.com.
Last modified on: November 13, 2017
Security Response Blog
The State of Spam
Symantec | United States

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWgt32ox+lLeg9Ub1AQiUyBAArRCV6nTbYV9/mB+ZWnS0pkzwvqHhPfPz
86PMzxnOL+AllNM2EW0SyqHWms46qjJE7e7KQN+ex52TDnug7BPKTCYo9Vho/JH8
YrbiIEHRI93yBWSWLVVUUZkFAqnJyBKlzhzB3Srhm9j53oCEjHxRlxp0oJvWivgo
jDBGUCbm58W4Z+VGsSlbdYOD1E0k/PEcCfDw8R/D/mtY9g3ZcznuwTbGHtXnoKnj
kcHPFrIhDVSy2u949BG0d07MuTwNS6tRuXD9wufNVmR7+CZFGRw9kosDlyjDrvGC
ApELcyKRNQmAFINrQWAS3IdsFdV2WDmST3JRmopbU6wh2pMaWuB+5qYDGCkWpxrW
tJelK4bbldjOS4x8GMJM3DMbDtMXq+KJ/NDW82em5N35tTbl7EVxWwXWiKmTP7XD
577fhb8gYK3Y4JFk6JbS48I8vbdsBgcPVwX52BaBrEOOb38nechBJMkhPLcaRwP5
HYcrRbS5Ymr/sy+u+vOQE+Y6mZ6S5ScZP4iY2Dl5RU9VovTCiNFa2cFH82GZ30vq
UPfI4h2B95J2KvNZKxUydIZxgX8fkggVIOgBx4DG/Rrr2q/7GGApQxlMSBIQomeG
X0p8fK+JSmhs0RaU1kTlCNiFdMBY4pYz0g4JrB7x6a+DwGOCa1DDQZdVE9briUBg
1OC3MOxV6k4=
=NxW9
-----END PGP SIGNATURE-----

« Back to bulletins